2 BlueZ - Bluetooth protocol stack for Linux
3 Copyright (C) 2000-2001 Qualcomm Incorporated
4 Copyright (C) 2009-2010 Gustavo F. Padovan <gustavo@padovan.org>
5 Copyright (C) 2010 Google Inc.
7 Written 2000,2001 by Maxim Krasnyansky <maxk@qualcomm.com>
9 This program is free software; you can redistribute it and/or modify
10 it under the terms of the GNU General Public License version 2 as
11 published by the Free Software Foundation;
13 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
14 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
15 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
16 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
17 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
18 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
19 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
20 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
22 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
23 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
24 SOFTWARE IS DISCLAIMED.
27 /* Bluetooth L2CAP core and sockets. */
29 #include <linux/module.h>
31 #include <linux/types.h>
32 #include <linux/capability.h>
33 #include <linux/errno.h>
34 #include <linux/kernel.h>
35 #include <linux/sched.h>
36 #include <linux/slab.h>
37 #include <linux/poll.h>
38 #include <linux/fcntl.h>
39 #include <linux/init.h>
40 #include <linux/interrupt.h>
41 #include <linux/socket.h>
42 #include <linux/skbuff.h>
43 #include <linux/list.h>
44 #include <linux/device.h>
45 #include <linux/debugfs.h>
46 #include <linux/seq_file.h>
47 #include <linux/uaccess.h>
48 #include <linux/crc16.h>
51 #include <asm/system.h>
52 #include <asm/unaligned.h>
54 #include <net/bluetooth/bluetooth.h>
55 #include <net/bluetooth/hci_core.h>
56 #include <net/bluetooth/l2cap.h>
58 #define VERSION "2.15"
60 static int disable_ertm = 0;
62 static u32 l2cap_feat_mask = L2CAP_FEAT_FIXED_CHAN;
63 static u8 l2cap_fixed_chan[8] = { 0x02, };
65 static const struct proto_ops l2cap_sock_ops;
67 static struct workqueue_struct *_busy_wq;
69 static struct bt_sock_list l2cap_sk_list = {
70 .lock = __RW_LOCK_UNLOCKED(l2cap_sk_list.lock)
73 static void l2cap_busy_work(struct work_struct *work);
75 static void __l2cap_sock_close(struct sock *sk, int reason);
76 static void l2cap_sock_close(struct sock *sk);
77 static void l2cap_sock_kill(struct sock *sk);
79 static int l2cap_build_conf_req(struct sock *sk, void *data);
80 static struct sk_buff *l2cap_build_cmd(struct l2cap_conn *conn,
81 u8 code, u8 ident, u16 dlen, void *data);
83 static int l2cap_ertm_data_rcv(struct sock *sk, struct sk_buff *skb);
85 /* ---- L2CAP timers ---- */
86 static void l2cap_sock_timeout(unsigned long arg)
88 struct sock *sk = (struct sock *) arg;
91 BT_DBG("sock %p state %d", sk, sk->sk_state);
95 if (sk->sk_state == BT_CONNECTED || sk->sk_state == BT_CONFIG)
96 reason = ECONNREFUSED;
97 else if (sk->sk_state == BT_CONNECT &&
98 l2cap_pi(sk)->sec_level != BT_SECURITY_SDP)
99 reason = ECONNREFUSED;
103 __l2cap_sock_close(sk, reason);
111 static void l2cap_sock_set_timer(struct sock *sk, long timeout)
113 BT_DBG("sk %p state %d timeout %ld", sk, sk->sk_state, timeout);
114 sk_reset_timer(sk, &sk->sk_timer, jiffies + timeout);
117 static void l2cap_sock_clear_timer(struct sock *sk)
119 BT_DBG("sock %p state %d", sk, sk->sk_state);
120 sk_stop_timer(sk, &sk->sk_timer);
123 /* ---- L2CAP channels ---- */
124 static struct sock *__l2cap_get_chan_by_dcid(struct l2cap_chan_list *l, u16 cid)
127 for (s = l->head; s; s = l2cap_pi(s)->next_c) {
128 if (l2cap_pi(s)->dcid == cid)
134 static struct sock *__l2cap_get_chan_by_scid(struct l2cap_chan_list *l, u16 cid)
137 for (s = l->head; s; s = l2cap_pi(s)->next_c) {
138 if (l2cap_pi(s)->scid == cid)
144 /* Find channel with given SCID.
145 * Returns locked socket */
146 static inline struct sock *l2cap_get_chan_by_scid(struct l2cap_chan_list *l, u16 cid)
150 s = __l2cap_get_chan_by_scid(l, cid);
153 read_unlock(&l->lock);
157 static struct sock *__l2cap_get_chan_by_ident(struct l2cap_chan_list *l, u8 ident)
160 for (s = l->head; s; s = l2cap_pi(s)->next_c) {
161 if (l2cap_pi(s)->ident == ident)
167 static inline struct sock *l2cap_get_chan_by_ident(struct l2cap_chan_list *l, u8 ident)
171 s = __l2cap_get_chan_by_ident(l, ident);
174 read_unlock(&l->lock);
178 static u16 l2cap_alloc_cid(struct l2cap_chan_list *l)
180 u16 cid = L2CAP_CID_DYN_START;
182 for (; cid < L2CAP_CID_DYN_END; cid++) {
183 if (!__l2cap_get_chan_by_scid(l, cid))
190 static inline void __l2cap_chan_link(struct l2cap_chan_list *l, struct sock *sk)
195 l2cap_pi(l->head)->prev_c = sk;
197 l2cap_pi(sk)->next_c = l->head;
198 l2cap_pi(sk)->prev_c = NULL;
202 static inline void l2cap_chan_unlink(struct l2cap_chan_list *l, struct sock *sk)
204 struct sock *next = l2cap_pi(sk)->next_c, *prev = l2cap_pi(sk)->prev_c;
206 write_lock_bh(&l->lock);
211 l2cap_pi(next)->prev_c = prev;
213 l2cap_pi(prev)->next_c = next;
214 write_unlock_bh(&l->lock);
219 static void __l2cap_chan_add(struct l2cap_conn *conn, struct sock *sk, struct sock *parent)
221 struct l2cap_chan_list *l = &conn->chan_list;
223 BT_DBG("conn %p, psm 0x%2.2x, dcid 0x%4.4x", conn,
224 l2cap_pi(sk)->psm, l2cap_pi(sk)->dcid);
226 conn->disc_reason = 0x13;
228 l2cap_pi(sk)->conn = conn;
230 if (sk->sk_type == SOCK_SEQPACKET || sk->sk_type == SOCK_STREAM) {
231 /* Alloc CID for connection-oriented socket */
232 l2cap_pi(sk)->scid = l2cap_alloc_cid(l);
233 } else if (sk->sk_type == SOCK_DGRAM) {
234 /* Connectionless socket */
235 l2cap_pi(sk)->scid = L2CAP_CID_CONN_LESS;
236 l2cap_pi(sk)->dcid = L2CAP_CID_CONN_LESS;
237 l2cap_pi(sk)->omtu = L2CAP_DEFAULT_MTU;
239 /* Raw socket can send/recv signalling messages only */
240 l2cap_pi(sk)->scid = L2CAP_CID_SIGNALING;
241 l2cap_pi(sk)->dcid = L2CAP_CID_SIGNALING;
242 l2cap_pi(sk)->omtu = L2CAP_DEFAULT_MTU;
245 __l2cap_chan_link(l, sk);
248 bt_accept_enqueue(parent, sk);
252 * Must be called on the locked socket. */
253 static void l2cap_chan_del(struct sock *sk, int err)
255 struct l2cap_conn *conn = l2cap_pi(sk)->conn;
256 struct sock *parent = bt_sk(sk)->parent;
258 l2cap_sock_clear_timer(sk);
260 BT_DBG("sk %p, conn %p, err %d", sk, conn, err);
263 /* Unlink from channel list */
264 l2cap_chan_unlink(&conn->chan_list, sk);
265 l2cap_pi(sk)->conn = NULL;
266 hci_conn_put(conn->hcon);
269 sk->sk_state = BT_CLOSED;
270 sock_set_flag(sk, SOCK_ZAPPED);
276 bt_accept_unlink(sk);
277 parent->sk_data_ready(parent, 0);
279 sk->sk_state_change(sk);
281 skb_queue_purge(TX_QUEUE(sk));
283 if (l2cap_pi(sk)->mode == L2CAP_MODE_ERTM) {
284 struct srej_list *l, *tmp;
286 del_timer(&l2cap_pi(sk)->retrans_timer);
287 del_timer(&l2cap_pi(sk)->monitor_timer);
288 del_timer(&l2cap_pi(sk)->ack_timer);
290 skb_queue_purge(SREJ_QUEUE(sk));
291 skb_queue_purge(BUSY_QUEUE(sk));
293 list_for_each_entry_safe(l, tmp, SREJ_LIST(sk), list) {
300 /* Service level security */
301 static inline int l2cap_check_security(struct sock *sk)
303 struct l2cap_conn *conn = l2cap_pi(sk)->conn;
306 if (l2cap_pi(sk)->psm == cpu_to_le16(0x0001)) {
307 if (l2cap_pi(sk)->sec_level == BT_SECURITY_HIGH)
308 auth_type = HCI_AT_NO_BONDING_MITM;
310 auth_type = HCI_AT_NO_BONDING;
312 if (l2cap_pi(sk)->sec_level == BT_SECURITY_LOW)
313 l2cap_pi(sk)->sec_level = BT_SECURITY_SDP;
315 switch (l2cap_pi(sk)->sec_level) {
316 case BT_SECURITY_HIGH:
317 auth_type = HCI_AT_GENERAL_BONDING_MITM;
319 case BT_SECURITY_MEDIUM:
320 auth_type = HCI_AT_GENERAL_BONDING;
323 auth_type = HCI_AT_NO_BONDING;
328 return hci_conn_security(conn->hcon, l2cap_pi(sk)->sec_level,
332 static inline u8 l2cap_get_ident(struct l2cap_conn *conn)
336 /* Get next available identificator.
337 * 1 - 128 are used by kernel.
338 * 129 - 199 are reserved.
339 * 200 - 254 are used by utilities like l2ping, etc.
342 spin_lock_bh(&conn->lock);
344 if (++conn->tx_ident > 128)
349 spin_unlock_bh(&conn->lock);
354 static inline void l2cap_send_cmd(struct l2cap_conn *conn, u8 ident, u8 code, u16 len, void *data)
356 struct sk_buff *skb = l2cap_build_cmd(conn, code, ident, len, data);
358 BT_DBG("code 0x%2.2x", code);
363 hci_send_acl(conn->hcon, skb, 0);
366 static inline void l2cap_send_sframe(struct l2cap_pinfo *pi, u16 control)
369 struct l2cap_hdr *lh;
370 struct l2cap_conn *conn = pi->conn;
371 struct sock *sk = (struct sock *)pi;
372 int count, hlen = L2CAP_HDR_SIZE + 2;
374 if (sk->sk_state != BT_CONNECTED)
377 if (pi->fcs == L2CAP_FCS_CRC16)
380 BT_DBG("pi %p, control 0x%2.2x", pi, control);
382 count = min_t(unsigned int, conn->mtu, hlen);
383 control |= L2CAP_CTRL_FRAME_TYPE;
385 if (pi->conn_state & L2CAP_CONN_SEND_FBIT) {
386 control |= L2CAP_CTRL_FINAL;
387 pi->conn_state &= ~L2CAP_CONN_SEND_FBIT;
390 if (pi->conn_state & L2CAP_CONN_SEND_PBIT) {
391 control |= L2CAP_CTRL_POLL;
392 pi->conn_state &= ~L2CAP_CONN_SEND_PBIT;
395 skb = bt_skb_alloc(count, GFP_ATOMIC);
399 lh = (struct l2cap_hdr *) skb_put(skb, L2CAP_HDR_SIZE);
400 lh->len = cpu_to_le16(hlen - L2CAP_HDR_SIZE);
401 lh->cid = cpu_to_le16(pi->dcid);
402 put_unaligned_le16(control, skb_put(skb, 2));
404 if (pi->fcs == L2CAP_FCS_CRC16) {
405 u16 fcs = crc16(0, (u8 *)lh, count - 2);
406 put_unaligned_le16(fcs, skb_put(skb, 2));
409 hci_send_acl(pi->conn->hcon, skb, 0);
412 static inline void l2cap_send_rr_or_rnr(struct l2cap_pinfo *pi, u16 control)
414 if (pi->conn_state & L2CAP_CONN_LOCAL_BUSY) {
415 control |= L2CAP_SUPER_RCV_NOT_READY;
416 pi->conn_state |= L2CAP_CONN_RNR_SENT;
418 control |= L2CAP_SUPER_RCV_READY;
420 control |= pi->buffer_seq << L2CAP_CTRL_REQSEQ_SHIFT;
422 l2cap_send_sframe(pi, control);
425 static inline int __l2cap_no_conn_pending(struct sock *sk)
427 return !(l2cap_pi(sk)->conf_state & L2CAP_CONF_CONNECT_PEND);
430 static void l2cap_do_start(struct sock *sk)
432 struct l2cap_conn *conn = l2cap_pi(sk)->conn;
434 if (conn->info_state & L2CAP_INFO_FEAT_MASK_REQ_SENT) {
435 if (!(conn->info_state & L2CAP_INFO_FEAT_MASK_REQ_DONE))
438 if (l2cap_check_security(sk) && __l2cap_no_conn_pending(sk)) {
439 struct l2cap_conn_req req;
440 req.scid = cpu_to_le16(l2cap_pi(sk)->scid);
441 req.psm = l2cap_pi(sk)->psm;
443 l2cap_pi(sk)->ident = l2cap_get_ident(conn);
444 l2cap_pi(sk)->conf_state |= L2CAP_CONF_CONNECT_PEND;
446 l2cap_send_cmd(conn, l2cap_pi(sk)->ident,
447 L2CAP_CONN_REQ, sizeof(req), &req);
450 struct l2cap_info_req req;
451 req.type = cpu_to_le16(L2CAP_IT_FEAT_MASK);
453 conn->info_state |= L2CAP_INFO_FEAT_MASK_REQ_SENT;
454 conn->info_ident = l2cap_get_ident(conn);
456 mod_timer(&conn->info_timer, jiffies +
457 msecs_to_jiffies(L2CAP_INFO_TIMEOUT));
459 l2cap_send_cmd(conn, conn->info_ident,
460 L2CAP_INFO_REQ, sizeof(req), &req);
464 static inline int l2cap_mode_supported(__u8 mode, __u32 feat_mask)
466 u32 local_feat_mask = l2cap_feat_mask;
468 local_feat_mask |= L2CAP_FEAT_ERTM | L2CAP_FEAT_STREAMING;
471 case L2CAP_MODE_ERTM:
472 return L2CAP_FEAT_ERTM & feat_mask & local_feat_mask;
473 case L2CAP_MODE_STREAMING:
474 return L2CAP_FEAT_STREAMING & feat_mask & local_feat_mask;
480 static void l2cap_send_disconn_req(struct l2cap_conn *conn, struct sock *sk, int err)
482 struct l2cap_disconn_req req;
487 skb_queue_purge(TX_QUEUE(sk));
489 if (l2cap_pi(sk)->mode == L2CAP_MODE_ERTM) {
490 del_timer(&l2cap_pi(sk)->retrans_timer);
491 del_timer(&l2cap_pi(sk)->monitor_timer);
492 del_timer(&l2cap_pi(sk)->ack_timer);
495 req.dcid = cpu_to_le16(l2cap_pi(sk)->dcid);
496 req.scid = cpu_to_le16(l2cap_pi(sk)->scid);
497 l2cap_send_cmd(conn, l2cap_get_ident(conn),
498 L2CAP_DISCONN_REQ, sizeof(req), &req);
500 sk->sk_state = BT_DISCONN;
504 /* ---- L2CAP connections ---- */
505 static void l2cap_conn_start(struct l2cap_conn *conn)
507 struct l2cap_chan_list *l = &conn->chan_list;
508 struct sock_del_list del, *tmp1, *tmp2;
511 BT_DBG("conn %p", conn);
513 INIT_LIST_HEAD(&del.list);
517 for (sk = l->head; sk; sk = l2cap_pi(sk)->next_c) {
520 if (sk->sk_type != SOCK_SEQPACKET &&
521 sk->sk_type != SOCK_STREAM) {
526 if (sk->sk_state == BT_CONNECT) {
527 struct l2cap_conn_req req;
529 if (!l2cap_check_security(sk) ||
530 !__l2cap_no_conn_pending(sk)) {
535 if (!l2cap_mode_supported(l2cap_pi(sk)->mode,
537 && l2cap_pi(sk)->conf_state &
538 L2CAP_CONF_STATE2_DEVICE) {
539 tmp1 = kzalloc(sizeof(struct sock_del_list),
542 list_add_tail(&tmp1->list, &del.list);
547 req.scid = cpu_to_le16(l2cap_pi(sk)->scid);
548 req.psm = l2cap_pi(sk)->psm;
550 l2cap_pi(sk)->ident = l2cap_get_ident(conn);
551 l2cap_pi(sk)->conf_state |= L2CAP_CONF_CONNECT_PEND;
553 l2cap_send_cmd(conn, l2cap_pi(sk)->ident,
554 L2CAP_CONN_REQ, sizeof(req), &req);
556 } else if (sk->sk_state == BT_CONNECT2) {
557 struct l2cap_conn_rsp rsp;
559 rsp.scid = cpu_to_le16(l2cap_pi(sk)->dcid);
560 rsp.dcid = cpu_to_le16(l2cap_pi(sk)->scid);
562 if (l2cap_check_security(sk)) {
563 if (bt_sk(sk)->defer_setup) {
564 struct sock *parent = bt_sk(sk)->parent;
565 rsp.result = cpu_to_le16(L2CAP_CR_PEND);
566 rsp.status = cpu_to_le16(L2CAP_CS_AUTHOR_PEND);
567 parent->sk_data_ready(parent, 0);
570 sk->sk_state = BT_CONFIG;
571 rsp.result = cpu_to_le16(L2CAP_CR_SUCCESS);
572 rsp.status = cpu_to_le16(L2CAP_CS_NO_INFO);
575 rsp.result = cpu_to_le16(L2CAP_CR_PEND);
576 rsp.status = cpu_to_le16(L2CAP_CS_AUTHEN_PEND);
579 l2cap_send_cmd(conn, l2cap_pi(sk)->ident,
580 L2CAP_CONN_RSP, sizeof(rsp), &rsp);
582 if (l2cap_pi(sk)->conf_state & L2CAP_CONF_REQ_SENT ||
583 rsp.result != L2CAP_CR_SUCCESS) {
588 l2cap_pi(sk)->conf_state |= L2CAP_CONF_REQ_SENT;
589 l2cap_send_cmd(conn, l2cap_get_ident(conn), L2CAP_CONF_REQ,
590 l2cap_build_conf_req(sk, buf), buf);
591 l2cap_pi(sk)->num_conf_req++;
597 read_unlock(&l->lock);
599 list_for_each_entry_safe(tmp1, tmp2, &del.list, list) {
600 bh_lock_sock(tmp1->sk);
601 __l2cap_sock_close(tmp1->sk, ECONNRESET);
602 bh_unlock_sock(tmp1->sk);
603 list_del(&tmp1->list);
608 static void l2cap_conn_ready(struct l2cap_conn *conn)
610 struct l2cap_chan_list *l = &conn->chan_list;
613 BT_DBG("conn %p", conn);
617 for (sk = l->head; sk; sk = l2cap_pi(sk)->next_c) {
620 if (sk->sk_type != SOCK_SEQPACKET &&
621 sk->sk_type != SOCK_STREAM) {
622 l2cap_sock_clear_timer(sk);
623 sk->sk_state = BT_CONNECTED;
624 sk->sk_state_change(sk);
625 } else if (sk->sk_state == BT_CONNECT)
631 read_unlock(&l->lock);
634 /* Notify sockets that we cannot guaranty reliability anymore */
635 static void l2cap_conn_unreliable(struct l2cap_conn *conn, int err)
637 struct l2cap_chan_list *l = &conn->chan_list;
640 BT_DBG("conn %p", conn);
644 for (sk = l->head; sk; sk = l2cap_pi(sk)->next_c) {
645 if (l2cap_pi(sk)->force_reliable)
649 read_unlock(&l->lock);
652 static void l2cap_info_timeout(unsigned long arg)
654 struct l2cap_conn *conn = (void *) arg;
656 conn->info_state |= L2CAP_INFO_FEAT_MASK_REQ_DONE;
657 conn->info_ident = 0;
659 l2cap_conn_start(conn);
662 static struct l2cap_conn *l2cap_conn_add(struct hci_conn *hcon, u8 status)
664 struct l2cap_conn *conn = hcon->l2cap_data;
669 conn = kzalloc(sizeof(struct l2cap_conn), GFP_ATOMIC);
673 hcon->l2cap_data = conn;
676 BT_DBG("hcon %p conn %p", hcon, conn);
678 conn->mtu = hcon->hdev->acl_mtu;
679 conn->src = &hcon->hdev->bdaddr;
680 conn->dst = &hcon->dst;
684 spin_lock_init(&conn->lock);
685 rwlock_init(&conn->chan_list.lock);
687 setup_timer(&conn->info_timer, l2cap_info_timeout,
688 (unsigned long) conn);
690 conn->disc_reason = 0x13;
695 static void l2cap_conn_del(struct hci_conn *hcon, int err)
697 struct l2cap_conn *conn = hcon->l2cap_data;
703 BT_DBG("hcon %p conn %p, err %d", hcon, conn, err);
705 kfree_skb(conn->rx_skb);
708 while ((sk = conn->chan_list.head)) {
710 l2cap_chan_del(sk, err);
715 if (conn->info_state & L2CAP_INFO_FEAT_MASK_REQ_SENT)
716 del_timer_sync(&conn->info_timer);
718 hcon->l2cap_data = NULL;
722 static inline void l2cap_chan_add(struct l2cap_conn *conn, struct sock *sk, struct sock *parent)
724 struct l2cap_chan_list *l = &conn->chan_list;
725 write_lock_bh(&l->lock);
726 __l2cap_chan_add(conn, sk, parent);
727 write_unlock_bh(&l->lock);
730 /* ---- Socket interface ---- */
731 static struct sock *__l2cap_get_sock_by_addr(__le16 psm, bdaddr_t *src)
734 struct hlist_node *node;
735 sk_for_each(sk, node, &l2cap_sk_list.head)
736 if (l2cap_pi(sk)->sport == psm && !bacmp(&bt_sk(sk)->src, src))
743 /* Find socket with psm and source bdaddr.
744 * Returns closest match.
746 static struct sock *__l2cap_get_sock_by_psm(int state, __le16 psm, bdaddr_t *src)
748 struct sock *sk = NULL, *sk1 = NULL;
749 struct hlist_node *node;
751 sk_for_each(sk, node, &l2cap_sk_list.head) {
752 if (state && sk->sk_state != state)
755 if (l2cap_pi(sk)->psm == psm) {
757 if (!bacmp(&bt_sk(sk)->src, src))
761 if (!bacmp(&bt_sk(sk)->src, BDADDR_ANY))
765 return node ? sk : sk1;
768 /* Find socket with given address (psm, src).
769 * Returns locked socket */
770 static inline struct sock *l2cap_get_sock_by_psm(int state, __le16 psm, bdaddr_t *src)
773 read_lock(&l2cap_sk_list.lock);
774 s = __l2cap_get_sock_by_psm(state, psm, src);
777 read_unlock(&l2cap_sk_list.lock);
781 static void l2cap_sock_destruct(struct sock *sk)
785 skb_queue_purge(&sk->sk_receive_queue);
786 skb_queue_purge(&sk->sk_write_queue);
789 static void l2cap_sock_cleanup_listen(struct sock *parent)
793 BT_DBG("parent %p", parent);
795 /* Close not yet accepted channels */
796 while ((sk = bt_accept_dequeue(parent, NULL)))
797 l2cap_sock_close(sk);
799 parent->sk_state = BT_CLOSED;
800 sock_set_flag(parent, SOCK_ZAPPED);
803 /* Kill socket (only if zapped and orphan)
804 * Must be called on unlocked socket.
806 static void l2cap_sock_kill(struct sock *sk)
808 if (!sock_flag(sk, SOCK_ZAPPED) || sk->sk_socket)
811 BT_DBG("sk %p state %d", sk, sk->sk_state);
813 /* Kill poor orphan */
814 bt_sock_unlink(&l2cap_sk_list, sk);
815 sock_set_flag(sk, SOCK_DEAD);
819 static void __l2cap_sock_close(struct sock *sk, int reason)
821 BT_DBG("sk %p state %d socket %p", sk, sk->sk_state, sk->sk_socket);
823 switch (sk->sk_state) {
825 l2cap_sock_cleanup_listen(sk);
830 if (sk->sk_type == SOCK_SEQPACKET ||
831 sk->sk_type == SOCK_STREAM) {
832 struct l2cap_conn *conn = l2cap_pi(sk)->conn;
834 l2cap_sock_set_timer(sk, sk->sk_sndtimeo);
835 l2cap_send_disconn_req(conn, sk, reason);
837 l2cap_chan_del(sk, reason);
841 if (sk->sk_type == SOCK_SEQPACKET ||
842 sk->sk_type == SOCK_STREAM) {
843 struct l2cap_conn *conn = l2cap_pi(sk)->conn;
844 struct l2cap_conn_rsp rsp;
847 if (bt_sk(sk)->defer_setup)
848 result = L2CAP_CR_SEC_BLOCK;
850 result = L2CAP_CR_BAD_PSM;
852 rsp.scid = cpu_to_le16(l2cap_pi(sk)->dcid);
853 rsp.dcid = cpu_to_le16(l2cap_pi(sk)->scid);
854 rsp.result = cpu_to_le16(result);
855 rsp.status = cpu_to_le16(L2CAP_CS_NO_INFO);
856 l2cap_send_cmd(conn, l2cap_pi(sk)->ident,
857 L2CAP_CONN_RSP, sizeof(rsp), &rsp);
859 l2cap_chan_del(sk, reason);
864 l2cap_chan_del(sk, reason);
868 sock_set_flag(sk, SOCK_ZAPPED);
873 /* Must be called on unlocked socket. */
874 static void l2cap_sock_close(struct sock *sk)
876 l2cap_sock_clear_timer(sk);
878 __l2cap_sock_close(sk, ECONNRESET);
883 static void l2cap_sock_init(struct sock *sk, struct sock *parent)
885 struct l2cap_pinfo *pi = l2cap_pi(sk);
890 sk->sk_type = parent->sk_type;
891 bt_sk(sk)->defer_setup = bt_sk(parent)->defer_setup;
893 pi->imtu = l2cap_pi(parent)->imtu;
894 pi->omtu = l2cap_pi(parent)->omtu;
895 pi->conf_state = l2cap_pi(parent)->conf_state;
896 pi->mode = l2cap_pi(parent)->mode;
897 pi->fcs = l2cap_pi(parent)->fcs;
898 pi->max_tx = l2cap_pi(parent)->max_tx;
899 pi->tx_win = l2cap_pi(parent)->tx_win;
900 pi->sec_level = l2cap_pi(parent)->sec_level;
901 pi->role_switch = l2cap_pi(parent)->role_switch;
902 pi->force_reliable = l2cap_pi(parent)->force_reliable;
904 pi->imtu = L2CAP_DEFAULT_MTU;
906 if (!disable_ertm && sk->sk_type == SOCK_STREAM) {
907 pi->mode = L2CAP_MODE_ERTM;
908 pi->conf_state |= L2CAP_CONF_STATE2_DEVICE;
910 pi->mode = L2CAP_MODE_BASIC;
912 pi->max_tx = L2CAP_DEFAULT_MAX_TX;
913 pi->fcs = L2CAP_FCS_CRC16;
914 pi->tx_win = L2CAP_DEFAULT_TX_WINDOW;
915 pi->sec_level = BT_SECURITY_LOW;
917 pi->force_reliable = 0;
920 /* Default config options */
922 pi->flush_to = L2CAP_DEFAULT_FLUSH_TO;
923 skb_queue_head_init(TX_QUEUE(sk));
924 skb_queue_head_init(SREJ_QUEUE(sk));
925 skb_queue_head_init(BUSY_QUEUE(sk));
926 INIT_LIST_HEAD(SREJ_LIST(sk));
929 static struct proto l2cap_proto = {
931 .owner = THIS_MODULE,
932 .obj_size = sizeof(struct l2cap_pinfo)
935 static struct sock *l2cap_sock_alloc(struct net *net, struct socket *sock, int proto, gfp_t prio)
939 sk = sk_alloc(net, PF_BLUETOOTH, prio, &l2cap_proto);
943 sock_init_data(sock, sk);
944 INIT_LIST_HEAD(&bt_sk(sk)->accept_q);
946 sk->sk_destruct = l2cap_sock_destruct;
947 sk->sk_sndtimeo = msecs_to_jiffies(L2CAP_CONN_TIMEOUT);
949 sock_reset_flag(sk, SOCK_ZAPPED);
951 sk->sk_protocol = proto;
952 sk->sk_state = BT_OPEN;
954 setup_timer(&sk->sk_timer, l2cap_sock_timeout, (unsigned long) sk);
956 bt_sock_link(&l2cap_sk_list, sk);
960 static int l2cap_sock_create(struct net *net, struct socket *sock, int protocol,
965 BT_DBG("sock %p", sock);
967 sock->state = SS_UNCONNECTED;
969 if (sock->type != SOCK_SEQPACKET && sock->type != SOCK_STREAM &&
970 sock->type != SOCK_DGRAM && sock->type != SOCK_RAW)
971 return -ESOCKTNOSUPPORT;
973 if (sock->type == SOCK_RAW && !kern && !capable(CAP_NET_RAW))
976 sock->ops = &l2cap_sock_ops;
978 sk = l2cap_sock_alloc(net, sock, protocol, GFP_ATOMIC);
982 l2cap_sock_init(sk, NULL);
986 static int l2cap_sock_bind(struct socket *sock, struct sockaddr *addr, int alen)
988 struct sock *sk = sock->sk;
989 struct sockaddr_l2 la;
994 if (!addr || addr->sa_family != AF_BLUETOOTH)
997 memset(&la, 0, sizeof(la));
998 len = min_t(unsigned int, sizeof(la), alen);
999 memcpy(&la, addr, len);
1006 if (sk->sk_state != BT_OPEN) {
1011 if (la.l2_psm && __le16_to_cpu(la.l2_psm) < 0x1001 &&
1012 !capable(CAP_NET_BIND_SERVICE)) {
1017 write_lock_bh(&l2cap_sk_list.lock);
1019 if (la.l2_psm && __l2cap_get_sock_by_addr(la.l2_psm, &la.l2_bdaddr)) {
1022 /* Save source address */
1023 bacpy(&bt_sk(sk)->src, &la.l2_bdaddr);
1024 l2cap_pi(sk)->psm = la.l2_psm;
1025 l2cap_pi(sk)->sport = la.l2_psm;
1026 sk->sk_state = BT_BOUND;
1028 if (__le16_to_cpu(la.l2_psm) == 0x0001 ||
1029 __le16_to_cpu(la.l2_psm) == 0x0003)
1030 l2cap_pi(sk)->sec_level = BT_SECURITY_SDP;
1033 write_unlock_bh(&l2cap_sk_list.lock);
1040 static int l2cap_do_connect(struct sock *sk)
1042 bdaddr_t *src = &bt_sk(sk)->src;
1043 bdaddr_t *dst = &bt_sk(sk)->dst;
1044 struct l2cap_conn *conn;
1045 struct hci_conn *hcon;
1046 struct hci_dev *hdev;
1050 BT_DBG("%s -> %s psm 0x%2.2x", batostr(src), batostr(dst),
1053 hdev = hci_get_route(dst, src);
1055 return -EHOSTUNREACH;
1057 hci_dev_lock_bh(hdev);
1061 if (sk->sk_type == SOCK_RAW) {
1062 switch (l2cap_pi(sk)->sec_level) {
1063 case BT_SECURITY_HIGH:
1064 auth_type = HCI_AT_DEDICATED_BONDING_MITM;
1066 case BT_SECURITY_MEDIUM:
1067 auth_type = HCI_AT_DEDICATED_BONDING;
1070 auth_type = HCI_AT_NO_BONDING;
1073 } else if (l2cap_pi(sk)->psm == cpu_to_le16(0x0001)) {
1074 if (l2cap_pi(sk)->sec_level == BT_SECURITY_HIGH)
1075 auth_type = HCI_AT_NO_BONDING_MITM;
1077 auth_type = HCI_AT_NO_BONDING;
1079 if (l2cap_pi(sk)->sec_level == BT_SECURITY_LOW)
1080 l2cap_pi(sk)->sec_level = BT_SECURITY_SDP;
1082 switch (l2cap_pi(sk)->sec_level) {
1083 case BT_SECURITY_HIGH:
1084 auth_type = HCI_AT_GENERAL_BONDING_MITM;
1086 case BT_SECURITY_MEDIUM:
1087 auth_type = HCI_AT_GENERAL_BONDING;
1090 auth_type = HCI_AT_NO_BONDING;
1095 hcon = hci_connect(hdev, ACL_LINK, dst,
1096 l2cap_pi(sk)->sec_level, auth_type);
1100 conn = l2cap_conn_add(hcon, 0);
1108 /* Update source addr of the socket */
1109 bacpy(src, conn->src);
1111 l2cap_chan_add(conn, sk, NULL);
1113 sk->sk_state = BT_CONNECT;
1114 l2cap_sock_set_timer(sk, sk->sk_sndtimeo);
1116 if (hcon->state == BT_CONNECTED) {
1117 if (sk->sk_type != SOCK_SEQPACKET &&
1118 sk->sk_type != SOCK_STREAM) {
1119 l2cap_sock_clear_timer(sk);
1120 sk->sk_state = BT_CONNECTED;
1126 hci_dev_unlock_bh(hdev);
1131 static int l2cap_sock_connect(struct socket *sock, struct sockaddr *addr, int alen, int flags)
1133 struct sock *sk = sock->sk;
1134 struct sockaddr_l2 la;
1137 BT_DBG("sk %p", sk);
1139 if (!addr || alen < sizeof(addr->sa_family) ||
1140 addr->sa_family != AF_BLUETOOTH)
1143 memset(&la, 0, sizeof(la));
1144 len = min_t(unsigned int, sizeof(la), alen);
1145 memcpy(&la, addr, len);
1152 if ((sk->sk_type == SOCK_SEQPACKET || sk->sk_type == SOCK_STREAM)
1158 switch (l2cap_pi(sk)->mode) {
1159 case L2CAP_MODE_BASIC:
1161 case L2CAP_MODE_ERTM:
1162 case L2CAP_MODE_STREAMING:
1171 switch (sk->sk_state) {
1175 /* Already connecting */
1179 /* Already connected */
1193 /* Set destination address and psm */
1194 bacpy(&bt_sk(sk)->dst, &la.l2_bdaddr);
1195 l2cap_pi(sk)->psm = la.l2_psm;
1197 err = l2cap_do_connect(sk);
1202 err = bt_sock_wait_state(sk, BT_CONNECTED,
1203 sock_sndtimeo(sk, flags & O_NONBLOCK));
1209 static int l2cap_sock_listen(struct socket *sock, int backlog)
1211 struct sock *sk = sock->sk;
1214 BT_DBG("sk %p backlog %d", sk, backlog);
1218 if ((sock->type != SOCK_SEQPACKET && sock->type != SOCK_STREAM)
1219 || sk->sk_state != BT_BOUND) {
1224 switch (l2cap_pi(sk)->mode) {
1225 case L2CAP_MODE_BASIC:
1227 case L2CAP_MODE_ERTM:
1228 case L2CAP_MODE_STREAMING:
1237 if (!l2cap_pi(sk)->psm) {
1238 bdaddr_t *src = &bt_sk(sk)->src;
1243 write_lock_bh(&l2cap_sk_list.lock);
1245 for (psm = 0x1001; psm < 0x1100; psm += 2)
1246 if (!__l2cap_get_sock_by_addr(cpu_to_le16(psm), src)) {
1247 l2cap_pi(sk)->psm = cpu_to_le16(psm);
1248 l2cap_pi(sk)->sport = cpu_to_le16(psm);
1253 write_unlock_bh(&l2cap_sk_list.lock);
1259 sk->sk_max_ack_backlog = backlog;
1260 sk->sk_ack_backlog = 0;
1261 sk->sk_state = BT_LISTEN;
1268 static int l2cap_sock_accept(struct socket *sock, struct socket *newsock, int flags)
1270 DECLARE_WAITQUEUE(wait, current);
1271 struct sock *sk = sock->sk, *nsk;
1275 lock_sock_nested(sk, SINGLE_DEPTH_NESTING);
1277 if (sk->sk_state != BT_LISTEN) {
1282 timeo = sock_rcvtimeo(sk, flags & O_NONBLOCK);
1284 BT_DBG("sk %p timeo %ld", sk, timeo);
1286 /* Wait for an incoming connection. (wake-one). */
1287 add_wait_queue_exclusive(sk_sleep(sk), &wait);
1288 while (!(nsk = bt_accept_dequeue(sk, newsock))) {
1289 set_current_state(TASK_INTERRUPTIBLE);
1296 timeo = schedule_timeout(timeo);
1297 lock_sock_nested(sk, SINGLE_DEPTH_NESTING);
1299 if (sk->sk_state != BT_LISTEN) {
1304 if (signal_pending(current)) {
1305 err = sock_intr_errno(timeo);
1309 set_current_state(TASK_RUNNING);
1310 remove_wait_queue(sk_sleep(sk), &wait);
1315 newsock->state = SS_CONNECTED;
1317 BT_DBG("new socket %p", nsk);
1324 static int l2cap_sock_getname(struct socket *sock, struct sockaddr *addr, int *len, int peer)
1326 struct sockaddr_l2 *la = (struct sockaddr_l2 *) addr;
1327 struct sock *sk = sock->sk;
1329 BT_DBG("sock %p, sk %p", sock, sk);
1331 addr->sa_family = AF_BLUETOOTH;
1332 *len = sizeof(struct sockaddr_l2);
1335 la->l2_psm = l2cap_pi(sk)->psm;
1336 bacpy(&la->l2_bdaddr, &bt_sk(sk)->dst);
1337 la->l2_cid = cpu_to_le16(l2cap_pi(sk)->dcid);
1339 la->l2_psm = l2cap_pi(sk)->sport;
1340 bacpy(&la->l2_bdaddr, &bt_sk(sk)->src);
1341 la->l2_cid = cpu_to_le16(l2cap_pi(sk)->scid);
1347 static int __l2cap_wait_ack(struct sock *sk)
1349 DECLARE_WAITQUEUE(wait, current);
1353 add_wait_queue(sk_sleep(sk), &wait);
1354 while ((l2cap_pi(sk)->unacked_frames > 0 && l2cap_pi(sk)->conn)) {
1355 set_current_state(TASK_INTERRUPTIBLE);
1360 if (signal_pending(current)) {
1361 err = sock_intr_errno(timeo);
1366 timeo = schedule_timeout(timeo);
1369 err = sock_error(sk);
1373 set_current_state(TASK_RUNNING);
1374 remove_wait_queue(sk_sleep(sk), &wait);
1378 static void l2cap_monitor_timeout(unsigned long arg)
1380 struct sock *sk = (void *) arg;
1382 BT_DBG("sk %p", sk);
1385 if (l2cap_pi(sk)->retry_count >= l2cap_pi(sk)->remote_max_tx) {
1386 l2cap_send_disconn_req(l2cap_pi(sk)->conn, sk, ECONNABORTED);
1391 l2cap_pi(sk)->retry_count++;
1392 __mod_monitor_timer();
1394 l2cap_send_rr_or_rnr(l2cap_pi(sk), L2CAP_CTRL_POLL);
1398 static void l2cap_retrans_timeout(unsigned long arg)
1400 struct sock *sk = (void *) arg;
1402 BT_DBG("sk %p", sk);
1405 l2cap_pi(sk)->retry_count = 1;
1406 __mod_monitor_timer();
1408 l2cap_pi(sk)->conn_state |= L2CAP_CONN_WAIT_F;
1410 l2cap_send_rr_or_rnr(l2cap_pi(sk), L2CAP_CTRL_POLL);
1414 static void l2cap_drop_acked_frames(struct sock *sk)
1416 struct sk_buff *skb;
1418 while ((skb = skb_peek(TX_QUEUE(sk))) &&
1419 l2cap_pi(sk)->unacked_frames) {
1420 if (bt_cb(skb)->tx_seq == l2cap_pi(sk)->expected_ack_seq)
1423 skb = skb_dequeue(TX_QUEUE(sk));
1426 l2cap_pi(sk)->unacked_frames--;
1429 if (!l2cap_pi(sk)->unacked_frames)
1430 del_timer(&l2cap_pi(sk)->retrans_timer);
1433 static inline void l2cap_do_send(struct sock *sk, struct sk_buff *skb)
1435 struct l2cap_pinfo *pi = l2cap_pi(sk);
1437 BT_DBG("sk %p, skb %p len %d", sk, skb, skb->len);
1439 hci_send_acl(pi->conn->hcon, skb, 0);
1442 static void l2cap_streaming_send(struct sock *sk)
1444 struct sk_buff *skb, *tx_skb;
1445 struct l2cap_pinfo *pi = l2cap_pi(sk);
1448 while ((skb = sk->sk_send_head)) {
1449 tx_skb = skb_clone(skb, GFP_ATOMIC);
1451 control = get_unaligned_le16(tx_skb->data + L2CAP_HDR_SIZE);
1452 control |= pi->next_tx_seq << L2CAP_CTRL_TXSEQ_SHIFT;
1453 put_unaligned_le16(control, tx_skb->data + L2CAP_HDR_SIZE);
1455 if (pi->fcs == L2CAP_FCS_CRC16) {
1456 fcs = crc16(0, (u8 *)tx_skb->data, tx_skb->len - 2);
1457 put_unaligned_le16(fcs, tx_skb->data + tx_skb->len - 2);
1460 l2cap_do_send(sk, tx_skb);
1462 pi->next_tx_seq = (pi->next_tx_seq + 1) % 64;
1464 if (skb_queue_is_last(TX_QUEUE(sk), skb))
1465 sk->sk_send_head = NULL;
1467 sk->sk_send_head = skb_queue_next(TX_QUEUE(sk), skb);
1469 skb = skb_dequeue(TX_QUEUE(sk));
1474 static void l2cap_retransmit_one_frame(struct sock *sk, u8 tx_seq)
1476 struct l2cap_pinfo *pi = l2cap_pi(sk);
1477 struct sk_buff *skb, *tx_skb;
1480 skb = skb_peek(TX_QUEUE(sk));
1485 if (bt_cb(skb)->tx_seq == tx_seq)
1488 if (skb_queue_is_last(TX_QUEUE(sk), skb))
1491 } while ((skb = skb_queue_next(TX_QUEUE(sk), skb)));
1493 if (pi->remote_max_tx &&
1494 bt_cb(skb)->retries == pi->remote_max_tx) {
1495 l2cap_send_disconn_req(pi->conn, sk, ECONNABORTED);
1499 tx_skb = skb_clone(skb, GFP_ATOMIC);
1500 bt_cb(skb)->retries++;
1501 control = get_unaligned_le16(tx_skb->data + L2CAP_HDR_SIZE);
1503 if (pi->conn_state & L2CAP_CONN_SEND_FBIT) {
1504 control |= L2CAP_CTRL_FINAL;
1505 pi->conn_state &= ~L2CAP_CONN_SEND_FBIT;
1508 control |= (pi->buffer_seq << L2CAP_CTRL_REQSEQ_SHIFT)
1509 | (tx_seq << L2CAP_CTRL_TXSEQ_SHIFT);
1511 put_unaligned_le16(control, tx_skb->data + L2CAP_HDR_SIZE);
1513 if (pi->fcs == L2CAP_FCS_CRC16) {
1514 fcs = crc16(0, (u8 *)tx_skb->data, tx_skb->len - 2);
1515 put_unaligned_le16(fcs, tx_skb->data + tx_skb->len - 2);
1518 l2cap_do_send(sk, tx_skb);
1521 static int l2cap_ertm_send(struct sock *sk)
1523 struct sk_buff *skb, *tx_skb;
1524 struct l2cap_pinfo *pi = l2cap_pi(sk);
1528 if (sk->sk_state != BT_CONNECTED)
1531 while ((skb = sk->sk_send_head) && (!l2cap_tx_window_full(sk))) {
1533 if (pi->remote_max_tx &&
1534 bt_cb(skb)->retries == pi->remote_max_tx) {
1535 l2cap_send_disconn_req(pi->conn, sk, ECONNABORTED);
1539 tx_skb = skb_clone(skb, GFP_ATOMIC);
1541 bt_cb(skb)->retries++;
1543 control = get_unaligned_le16(tx_skb->data + L2CAP_HDR_SIZE);
1544 control &= L2CAP_CTRL_SAR;
1546 if (pi->conn_state & L2CAP_CONN_SEND_FBIT) {
1547 control |= L2CAP_CTRL_FINAL;
1548 pi->conn_state &= ~L2CAP_CONN_SEND_FBIT;
1550 control |= (pi->buffer_seq << L2CAP_CTRL_REQSEQ_SHIFT)
1551 | (pi->next_tx_seq << L2CAP_CTRL_TXSEQ_SHIFT);
1552 put_unaligned_le16(control, tx_skb->data + L2CAP_HDR_SIZE);
1555 if (pi->fcs == L2CAP_FCS_CRC16) {
1556 fcs = crc16(0, (u8 *)skb->data, tx_skb->len - 2);
1557 put_unaligned_le16(fcs, skb->data + tx_skb->len - 2);
1560 l2cap_do_send(sk, tx_skb);
1562 __mod_retrans_timer();
1564 bt_cb(skb)->tx_seq = pi->next_tx_seq;
1565 pi->next_tx_seq = (pi->next_tx_seq + 1) % 64;
1567 pi->unacked_frames++;
1570 if (skb_queue_is_last(TX_QUEUE(sk), skb))
1571 sk->sk_send_head = NULL;
1573 sk->sk_send_head = skb_queue_next(TX_QUEUE(sk), skb);
1581 static int l2cap_retransmit_frames(struct sock *sk)
1583 struct l2cap_pinfo *pi = l2cap_pi(sk);
1586 if (!skb_queue_empty(TX_QUEUE(sk)))
1587 sk->sk_send_head = TX_QUEUE(sk)->next;
1589 pi->next_tx_seq = pi->expected_ack_seq;
1590 ret = l2cap_ertm_send(sk);
1594 static void l2cap_send_ack(struct l2cap_pinfo *pi)
1596 struct sock *sk = (struct sock *)pi;
1599 control |= pi->buffer_seq << L2CAP_CTRL_REQSEQ_SHIFT;
1601 if (pi->conn_state & L2CAP_CONN_LOCAL_BUSY) {
1602 control |= L2CAP_SUPER_RCV_NOT_READY;
1603 pi->conn_state |= L2CAP_CONN_RNR_SENT;
1604 l2cap_send_sframe(pi, control);
1608 if (l2cap_ertm_send(sk) > 0)
1611 control |= L2CAP_SUPER_RCV_READY;
1612 l2cap_send_sframe(pi, control);
1615 static void l2cap_send_srejtail(struct sock *sk)
1617 struct srej_list *tail;
1620 control = L2CAP_SUPER_SELECT_REJECT;
1621 control |= L2CAP_CTRL_FINAL;
1623 tail = list_entry(SREJ_LIST(sk)->prev, struct srej_list, list);
1624 control |= tail->tx_seq << L2CAP_CTRL_REQSEQ_SHIFT;
1626 l2cap_send_sframe(l2cap_pi(sk), control);
1629 static inline int l2cap_skbuff_fromiovec(struct sock *sk, struct msghdr *msg, int len, int count, struct sk_buff *skb)
1631 struct l2cap_conn *conn = l2cap_pi(sk)->conn;
1632 struct sk_buff **frag;
1635 if (memcpy_fromiovec(skb_put(skb, count), msg->msg_iov, count))
1641 /* Continuation fragments (no L2CAP header) */
1642 frag = &skb_shinfo(skb)->frag_list;
1644 count = min_t(unsigned int, conn->mtu, len);
1646 *frag = bt_skb_send_alloc(sk, count, msg->msg_flags & MSG_DONTWAIT, &err);
1649 if (memcpy_fromiovec(skb_put(*frag, count), msg->msg_iov, count))
1655 frag = &(*frag)->next;
1661 static struct sk_buff *l2cap_create_connless_pdu(struct sock *sk, struct msghdr *msg, size_t len)
1663 struct l2cap_conn *conn = l2cap_pi(sk)->conn;
1664 struct sk_buff *skb;
1665 int err, count, hlen = L2CAP_HDR_SIZE + 2;
1666 struct l2cap_hdr *lh;
1668 BT_DBG("sk %p len %d", sk, (int)len);
1670 count = min_t(unsigned int, (conn->mtu - hlen), len);
1671 skb = bt_skb_send_alloc(sk, count + hlen,
1672 msg->msg_flags & MSG_DONTWAIT, &err);
1674 return ERR_PTR(-ENOMEM);
1676 /* Create L2CAP header */
1677 lh = (struct l2cap_hdr *) skb_put(skb, L2CAP_HDR_SIZE);
1678 lh->cid = cpu_to_le16(l2cap_pi(sk)->dcid);
1679 lh->len = cpu_to_le16(len + (hlen - L2CAP_HDR_SIZE));
1680 put_unaligned_le16(l2cap_pi(sk)->psm, skb_put(skb, 2));
1682 err = l2cap_skbuff_fromiovec(sk, msg, len, count, skb);
1683 if (unlikely(err < 0)) {
1685 return ERR_PTR(err);
1690 static struct sk_buff *l2cap_create_basic_pdu(struct sock *sk, struct msghdr *msg, size_t len)
1692 struct l2cap_conn *conn = l2cap_pi(sk)->conn;
1693 struct sk_buff *skb;
1694 int err, count, hlen = L2CAP_HDR_SIZE;
1695 struct l2cap_hdr *lh;
1697 BT_DBG("sk %p len %d", sk, (int)len);
1699 count = min_t(unsigned int, (conn->mtu - hlen), len);
1700 skb = bt_skb_send_alloc(sk, count + hlen,
1701 msg->msg_flags & MSG_DONTWAIT, &err);
1703 return ERR_PTR(-ENOMEM);
1705 /* Create L2CAP header */
1706 lh = (struct l2cap_hdr *) skb_put(skb, L2CAP_HDR_SIZE);
1707 lh->cid = cpu_to_le16(l2cap_pi(sk)->dcid);
1708 lh->len = cpu_to_le16(len + (hlen - L2CAP_HDR_SIZE));
1710 err = l2cap_skbuff_fromiovec(sk, msg, len, count, skb);
1711 if (unlikely(err < 0)) {
1713 return ERR_PTR(err);
1718 static struct sk_buff *l2cap_create_iframe_pdu(struct sock *sk, struct msghdr *msg, size_t len, u16 control, u16 sdulen)
1720 struct l2cap_conn *conn = l2cap_pi(sk)->conn;
1721 struct sk_buff *skb;
1722 int err, count, hlen = L2CAP_HDR_SIZE + 2;
1723 struct l2cap_hdr *lh;
1725 BT_DBG("sk %p len %d", sk, (int)len);
1728 return ERR_PTR(-ENOTCONN);
1733 if (l2cap_pi(sk)->fcs == L2CAP_FCS_CRC16)
1736 count = min_t(unsigned int, (conn->mtu - hlen), len);
1737 skb = bt_skb_send_alloc(sk, count + hlen,
1738 msg->msg_flags & MSG_DONTWAIT, &err);
1740 return ERR_PTR(-ENOMEM);
1742 /* Create L2CAP header */
1743 lh = (struct l2cap_hdr *) skb_put(skb, L2CAP_HDR_SIZE);
1744 lh->cid = cpu_to_le16(l2cap_pi(sk)->dcid);
1745 lh->len = cpu_to_le16(len + (hlen - L2CAP_HDR_SIZE));
1746 put_unaligned_le16(control, skb_put(skb, 2));
1748 put_unaligned_le16(sdulen, skb_put(skb, 2));
1750 err = l2cap_skbuff_fromiovec(sk, msg, len, count, skb);
1751 if (unlikely(err < 0)) {
1753 return ERR_PTR(err);
1756 if (l2cap_pi(sk)->fcs == L2CAP_FCS_CRC16)
1757 put_unaligned_le16(0, skb_put(skb, 2));
1759 bt_cb(skb)->retries = 0;
1763 static inline int l2cap_sar_segment_sdu(struct sock *sk, struct msghdr *msg, size_t len)
1765 struct l2cap_pinfo *pi = l2cap_pi(sk);
1766 struct sk_buff *skb;
1767 struct sk_buff_head sar_queue;
1771 skb_queue_head_init(&sar_queue);
1772 control = L2CAP_SDU_START;
1773 skb = l2cap_create_iframe_pdu(sk, msg, pi->remote_mps, control, len);
1775 return PTR_ERR(skb);
1777 __skb_queue_tail(&sar_queue, skb);
1778 len -= pi->remote_mps;
1779 size += pi->remote_mps;
1784 if (len > pi->remote_mps) {
1785 control = L2CAP_SDU_CONTINUE;
1786 buflen = pi->remote_mps;
1788 control = L2CAP_SDU_END;
1792 skb = l2cap_create_iframe_pdu(sk, msg, buflen, control, 0);
1794 skb_queue_purge(&sar_queue);
1795 return PTR_ERR(skb);
1798 __skb_queue_tail(&sar_queue, skb);
1802 skb_queue_splice_tail(&sar_queue, TX_QUEUE(sk));
1803 if (sk->sk_send_head == NULL)
1804 sk->sk_send_head = sar_queue.next;
1809 static int l2cap_sock_sendmsg(struct kiocb *iocb, struct socket *sock, struct msghdr *msg, size_t len)
1811 struct sock *sk = sock->sk;
1812 struct l2cap_pinfo *pi = l2cap_pi(sk);
1813 struct sk_buff *skb;
1817 BT_DBG("sock %p, sk %p", sock, sk);
1819 err = sock_error(sk);
1823 if (msg->msg_flags & MSG_OOB)
1828 if (sk->sk_state != BT_CONNECTED) {
1833 /* Connectionless channel */
1834 if (sk->sk_type == SOCK_DGRAM) {
1835 skb = l2cap_create_connless_pdu(sk, msg, len);
1839 l2cap_do_send(sk, skb);
1846 case L2CAP_MODE_BASIC:
1847 /* Check outgoing MTU */
1848 if (len > pi->omtu) {
1853 /* Create a basic PDU */
1854 skb = l2cap_create_basic_pdu(sk, msg, len);
1860 l2cap_do_send(sk, skb);
1864 case L2CAP_MODE_ERTM:
1865 case L2CAP_MODE_STREAMING:
1866 /* Entire SDU fits into one PDU */
1867 if (len <= pi->remote_mps) {
1868 control = L2CAP_SDU_UNSEGMENTED;
1869 skb = l2cap_create_iframe_pdu(sk, msg, len, control, 0);
1874 __skb_queue_tail(TX_QUEUE(sk), skb);
1876 if (sk->sk_send_head == NULL)
1877 sk->sk_send_head = skb;
1880 /* Segment SDU into multiples PDUs */
1881 err = l2cap_sar_segment_sdu(sk, msg, len);
1886 if (pi->mode == L2CAP_MODE_STREAMING) {
1887 l2cap_streaming_send(sk);
1889 if (pi->conn_state & L2CAP_CONN_REMOTE_BUSY &&
1890 pi->conn_state && L2CAP_CONN_WAIT_F) {
1894 err = l2cap_ertm_send(sk);
1902 BT_DBG("bad state %1.1x", pi->mode);
1911 static int l2cap_sock_recvmsg(struct kiocb *iocb, struct socket *sock, struct msghdr *msg, size_t len, int flags)
1913 struct sock *sk = sock->sk;
1917 if (sk->sk_state == BT_CONNECT2 && bt_sk(sk)->defer_setup) {
1918 struct l2cap_conn_rsp rsp;
1919 struct l2cap_conn *conn = l2cap_pi(sk)->conn;
1922 sk->sk_state = BT_CONFIG;
1924 rsp.scid = cpu_to_le16(l2cap_pi(sk)->dcid);
1925 rsp.dcid = cpu_to_le16(l2cap_pi(sk)->scid);
1926 rsp.result = cpu_to_le16(L2CAP_CR_SUCCESS);
1927 rsp.status = cpu_to_le16(L2CAP_CS_NO_INFO);
1928 l2cap_send_cmd(l2cap_pi(sk)->conn, l2cap_pi(sk)->ident,
1929 L2CAP_CONN_RSP, sizeof(rsp), &rsp);
1931 if (l2cap_pi(sk)->conf_state & L2CAP_CONF_REQ_SENT) {
1936 l2cap_pi(sk)->conf_state |= L2CAP_CONF_REQ_SENT;
1937 l2cap_send_cmd(conn, l2cap_get_ident(conn), L2CAP_CONF_REQ,
1938 l2cap_build_conf_req(sk, buf), buf);
1939 l2cap_pi(sk)->num_conf_req++;
1947 return bt_sock_recvmsg(iocb, sock, msg, len, flags);
1950 static int l2cap_sock_setsockopt_old(struct socket *sock, int optname, char __user *optval, unsigned int optlen)
1952 struct sock *sk = sock->sk;
1953 struct l2cap_options opts;
1957 BT_DBG("sk %p", sk);
1963 opts.imtu = l2cap_pi(sk)->imtu;
1964 opts.omtu = l2cap_pi(sk)->omtu;
1965 opts.flush_to = l2cap_pi(sk)->flush_to;
1966 opts.mode = l2cap_pi(sk)->mode;
1967 opts.fcs = l2cap_pi(sk)->fcs;
1968 opts.max_tx = l2cap_pi(sk)->max_tx;
1969 opts.txwin_size = (__u16)l2cap_pi(sk)->tx_win;
1971 len = min_t(unsigned int, sizeof(opts), optlen);
1972 if (copy_from_user((char *) &opts, optval, len)) {
1977 if (opts.txwin_size > L2CAP_DEFAULT_TX_WINDOW) {
1982 l2cap_pi(sk)->mode = opts.mode;
1983 switch (l2cap_pi(sk)->mode) {
1984 case L2CAP_MODE_BASIC:
1985 l2cap_pi(sk)->conf_state &= ~L2CAP_CONF_STATE2_DEVICE;
1987 case L2CAP_MODE_ERTM:
1988 case L2CAP_MODE_STREAMING:
1997 l2cap_pi(sk)->imtu = opts.imtu;
1998 l2cap_pi(sk)->omtu = opts.omtu;
1999 l2cap_pi(sk)->fcs = opts.fcs;
2000 l2cap_pi(sk)->max_tx = opts.max_tx;
2001 l2cap_pi(sk)->tx_win = (__u8)opts.txwin_size;
2005 if (get_user(opt, (u32 __user *) optval)) {
2010 if (opt & L2CAP_LM_AUTH)
2011 l2cap_pi(sk)->sec_level = BT_SECURITY_LOW;
2012 if (opt & L2CAP_LM_ENCRYPT)
2013 l2cap_pi(sk)->sec_level = BT_SECURITY_MEDIUM;
2014 if (opt & L2CAP_LM_SECURE)
2015 l2cap_pi(sk)->sec_level = BT_SECURITY_HIGH;
2017 l2cap_pi(sk)->role_switch = (opt & L2CAP_LM_MASTER);
2018 l2cap_pi(sk)->force_reliable = (opt & L2CAP_LM_RELIABLE);
2030 static int l2cap_sock_setsockopt(struct socket *sock, int level, int optname, char __user *optval, unsigned int optlen)
2032 struct sock *sk = sock->sk;
2033 struct bt_security sec;
2037 BT_DBG("sk %p", sk);
2039 if (level == SOL_L2CAP)
2040 return l2cap_sock_setsockopt_old(sock, optname, optval, optlen);
2042 if (level != SOL_BLUETOOTH)
2043 return -ENOPROTOOPT;
2049 if (sk->sk_type != SOCK_SEQPACKET && sk->sk_type != SOCK_STREAM
2050 && sk->sk_type != SOCK_RAW) {
2055 sec.level = BT_SECURITY_LOW;
2057 len = min_t(unsigned int, sizeof(sec), optlen);
2058 if (copy_from_user((char *) &sec, optval, len)) {
2063 if (sec.level < BT_SECURITY_LOW ||
2064 sec.level > BT_SECURITY_HIGH) {
2069 l2cap_pi(sk)->sec_level = sec.level;
2072 case BT_DEFER_SETUP:
2073 if (sk->sk_state != BT_BOUND && sk->sk_state != BT_LISTEN) {
2078 if (get_user(opt, (u32 __user *) optval)) {
2083 bt_sk(sk)->defer_setup = opt;
2095 static int l2cap_sock_getsockopt_old(struct socket *sock, int optname, char __user *optval, int __user *optlen)
2097 struct sock *sk = sock->sk;
2098 struct l2cap_options opts;
2099 struct l2cap_conninfo cinfo;
2103 BT_DBG("sk %p", sk);
2105 if (get_user(len, optlen))
2112 opts.imtu = l2cap_pi(sk)->imtu;
2113 opts.omtu = l2cap_pi(sk)->omtu;
2114 opts.flush_to = l2cap_pi(sk)->flush_to;
2115 opts.mode = l2cap_pi(sk)->mode;
2116 opts.fcs = l2cap_pi(sk)->fcs;
2117 opts.max_tx = l2cap_pi(sk)->max_tx;
2118 opts.txwin_size = (__u16)l2cap_pi(sk)->tx_win;
2120 len = min_t(unsigned int, len, sizeof(opts));
2121 if (copy_to_user(optval, (char *) &opts, len))
2127 switch (l2cap_pi(sk)->sec_level) {
2128 case BT_SECURITY_LOW:
2129 opt = L2CAP_LM_AUTH;
2131 case BT_SECURITY_MEDIUM:
2132 opt = L2CAP_LM_AUTH | L2CAP_LM_ENCRYPT;
2134 case BT_SECURITY_HIGH:
2135 opt = L2CAP_LM_AUTH | L2CAP_LM_ENCRYPT |
2143 if (l2cap_pi(sk)->role_switch)
2144 opt |= L2CAP_LM_MASTER;
2146 if (l2cap_pi(sk)->force_reliable)
2147 opt |= L2CAP_LM_RELIABLE;
2149 if (put_user(opt, (u32 __user *) optval))
2153 case L2CAP_CONNINFO:
2154 if (sk->sk_state != BT_CONNECTED &&
2155 !(sk->sk_state == BT_CONNECT2 &&
2156 bt_sk(sk)->defer_setup)) {
2161 cinfo.hci_handle = l2cap_pi(sk)->conn->hcon->handle;
2162 memcpy(cinfo.dev_class, l2cap_pi(sk)->conn->hcon->dev_class, 3);
2164 len = min_t(unsigned int, len, sizeof(cinfo));
2165 if (copy_to_user(optval, (char *) &cinfo, len))
2179 static int l2cap_sock_getsockopt(struct socket *sock, int level, int optname, char __user *optval, int __user *optlen)
2181 struct sock *sk = sock->sk;
2182 struct bt_security sec;
2185 BT_DBG("sk %p", sk);
2187 if (level == SOL_L2CAP)
2188 return l2cap_sock_getsockopt_old(sock, optname, optval, optlen);
2190 if (level != SOL_BLUETOOTH)
2191 return -ENOPROTOOPT;
2193 if (get_user(len, optlen))
2200 if (sk->sk_type != SOCK_SEQPACKET && sk->sk_type != SOCK_STREAM
2201 && sk->sk_type != SOCK_RAW) {
2206 sec.level = l2cap_pi(sk)->sec_level;
2208 len = min_t(unsigned int, len, sizeof(sec));
2209 if (copy_to_user(optval, (char *) &sec, len))
2214 case BT_DEFER_SETUP:
2215 if (sk->sk_state != BT_BOUND && sk->sk_state != BT_LISTEN) {
2220 if (put_user(bt_sk(sk)->defer_setup, (u32 __user *) optval))
2234 static int l2cap_sock_shutdown(struct socket *sock, int how)
2236 struct sock *sk = sock->sk;
2239 BT_DBG("sock %p, sk %p", sock, sk);
2245 if (!sk->sk_shutdown) {
2246 if (l2cap_pi(sk)->mode == L2CAP_MODE_ERTM)
2247 err = __l2cap_wait_ack(sk);
2249 sk->sk_shutdown = SHUTDOWN_MASK;
2250 l2cap_sock_clear_timer(sk);
2251 __l2cap_sock_close(sk, 0);
2253 if (sock_flag(sk, SOCK_LINGER) && sk->sk_lingertime)
2254 err = bt_sock_wait_state(sk, BT_CLOSED,
2258 if (!err && sk->sk_err)
2265 static int l2cap_sock_release(struct socket *sock)
2267 struct sock *sk = sock->sk;
2270 BT_DBG("sock %p, sk %p", sock, sk);
2275 err = l2cap_sock_shutdown(sock, 2);
2278 l2cap_sock_kill(sk);
2282 static void l2cap_chan_ready(struct sock *sk)
2284 struct sock *parent = bt_sk(sk)->parent;
2286 BT_DBG("sk %p, parent %p", sk, parent);
2288 l2cap_pi(sk)->conf_state = 0;
2289 l2cap_sock_clear_timer(sk);
2292 /* Outgoing channel.
2293 * Wake up socket sleeping on connect.
2295 sk->sk_state = BT_CONNECTED;
2296 sk->sk_state_change(sk);
2298 /* Incoming channel.
2299 * Wake up socket sleeping on accept.
2301 parent->sk_data_ready(parent, 0);
2305 /* Copy frame to all raw sockets on that connection */
2306 static void l2cap_raw_recv(struct l2cap_conn *conn, struct sk_buff *skb)
2308 struct l2cap_chan_list *l = &conn->chan_list;
2309 struct sk_buff *nskb;
2312 BT_DBG("conn %p", conn);
2314 read_lock(&l->lock);
2315 for (sk = l->head; sk; sk = l2cap_pi(sk)->next_c) {
2316 if (sk->sk_type != SOCK_RAW)
2319 /* Don't send frame to the socket it came from */
2322 nskb = skb_clone(skb, GFP_ATOMIC);
2326 if (sock_queue_rcv_skb(sk, nskb))
2329 read_unlock(&l->lock);
2332 /* ---- L2CAP signalling commands ---- */
2333 static struct sk_buff *l2cap_build_cmd(struct l2cap_conn *conn,
2334 u8 code, u8 ident, u16 dlen, void *data)
2336 struct sk_buff *skb, **frag;
2337 struct l2cap_cmd_hdr *cmd;
2338 struct l2cap_hdr *lh;
2341 BT_DBG("conn %p, code 0x%2.2x, ident 0x%2.2x, len %d",
2342 conn, code, ident, dlen);
2344 len = L2CAP_HDR_SIZE + L2CAP_CMD_HDR_SIZE + dlen;
2345 count = min_t(unsigned int, conn->mtu, len);
2347 skb = bt_skb_alloc(count, GFP_ATOMIC);
2351 lh = (struct l2cap_hdr *) skb_put(skb, L2CAP_HDR_SIZE);
2352 lh->len = cpu_to_le16(L2CAP_CMD_HDR_SIZE + dlen);
2353 lh->cid = cpu_to_le16(L2CAP_CID_SIGNALING);
2355 cmd = (struct l2cap_cmd_hdr *) skb_put(skb, L2CAP_CMD_HDR_SIZE);
2358 cmd->len = cpu_to_le16(dlen);
2361 count -= L2CAP_HDR_SIZE + L2CAP_CMD_HDR_SIZE;
2362 memcpy(skb_put(skb, count), data, count);
2368 /* Continuation fragments (no L2CAP header) */
2369 frag = &skb_shinfo(skb)->frag_list;
2371 count = min_t(unsigned int, conn->mtu, len);
2373 *frag = bt_skb_alloc(count, GFP_ATOMIC);
2377 memcpy(skb_put(*frag, count), data, count);
2382 frag = &(*frag)->next;
2392 static inline int l2cap_get_conf_opt(void **ptr, int *type, int *olen, unsigned long *val)
2394 struct l2cap_conf_opt *opt = *ptr;
2397 len = L2CAP_CONF_OPT_SIZE + opt->len;
2405 *val = *((u8 *) opt->val);
2409 *val = __le16_to_cpu(*((__le16 *) opt->val));
2413 *val = __le32_to_cpu(*((__le32 *) opt->val));
2417 *val = (unsigned long) opt->val;
2421 BT_DBG("type 0x%2.2x len %d val 0x%lx", *type, opt->len, *val);
2425 static void l2cap_add_conf_opt(void **ptr, u8 type, u8 len, unsigned long val)
2427 struct l2cap_conf_opt *opt = *ptr;
2429 BT_DBG("type 0x%2.2x len %d val 0x%lx", type, len, val);
2436 *((u8 *) opt->val) = val;
2440 *((__le16 *) opt->val) = cpu_to_le16(val);
2444 *((__le32 *) opt->val) = cpu_to_le32(val);
2448 memcpy(opt->val, (void *) val, len);
2452 *ptr += L2CAP_CONF_OPT_SIZE + len;
2455 static void l2cap_ack_timeout(unsigned long arg)
2457 struct sock *sk = (void *) arg;
2460 l2cap_send_ack(l2cap_pi(sk));
2464 static inline void l2cap_ertm_init(struct sock *sk)
2466 l2cap_pi(sk)->expected_ack_seq = 0;
2467 l2cap_pi(sk)->unacked_frames = 0;
2468 l2cap_pi(sk)->buffer_seq = 0;
2469 l2cap_pi(sk)->num_acked = 0;
2470 l2cap_pi(sk)->frames_sent = 0;
2472 setup_timer(&l2cap_pi(sk)->retrans_timer,
2473 l2cap_retrans_timeout, (unsigned long) sk);
2474 setup_timer(&l2cap_pi(sk)->monitor_timer,
2475 l2cap_monitor_timeout, (unsigned long) sk);
2476 setup_timer(&l2cap_pi(sk)->ack_timer,
2477 l2cap_ack_timeout, (unsigned long) sk);
2479 __skb_queue_head_init(SREJ_QUEUE(sk));
2480 __skb_queue_head_init(BUSY_QUEUE(sk));
2482 INIT_WORK(&l2cap_pi(sk)->busy_work, l2cap_busy_work);
2484 sk->sk_backlog_rcv = l2cap_ertm_data_rcv;
2487 static inline __u8 l2cap_select_mode(__u8 mode, __u16 remote_feat_mask)
2490 case L2CAP_MODE_STREAMING:
2491 case L2CAP_MODE_ERTM:
2492 if (l2cap_mode_supported(mode, remote_feat_mask))
2496 return L2CAP_MODE_BASIC;
2500 static int l2cap_build_conf_req(struct sock *sk, void *data)
2502 struct l2cap_pinfo *pi = l2cap_pi(sk);
2503 struct l2cap_conf_req *req = data;
2504 struct l2cap_conf_rfc rfc = { .mode = pi->mode };
2505 void *ptr = req->data;
2507 BT_DBG("sk %p", sk);
2509 if (pi->num_conf_req || pi->num_conf_rsp)
2513 case L2CAP_MODE_STREAMING:
2514 case L2CAP_MODE_ERTM:
2515 if (pi->conf_state & L2CAP_CONF_STATE2_DEVICE)
2520 pi->mode = l2cap_select_mode(rfc.mode, pi->conn->feat_mask);
2526 case L2CAP_MODE_BASIC:
2527 if (pi->imtu != L2CAP_DEFAULT_MTU)
2528 l2cap_add_conf_opt(&ptr, L2CAP_CONF_MTU, 2, pi->imtu);
2530 if (!(pi->conn->feat_mask & L2CAP_FEAT_ERTM) &&
2531 !(pi->conn->feat_mask & L2CAP_FEAT_STREAMING))
2534 rfc.mode = L2CAP_MODE_BASIC;
2536 rfc.max_transmit = 0;
2537 rfc.retrans_timeout = 0;
2538 rfc.monitor_timeout = 0;
2539 rfc.max_pdu_size = 0;
2541 l2cap_add_conf_opt(&ptr, L2CAP_CONF_RFC, sizeof(rfc),
2542 (unsigned long) &rfc);
2545 case L2CAP_MODE_ERTM:
2546 rfc.mode = L2CAP_MODE_ERTM;
2547 rfc.txwin_size = pi->tx_win;
2548 rfc.max_transmit = pi->max_tx;
2549 rfc.retrans_timeout = 0;
2550 rfc.monitor_timeout = 0;
2551 rfc.max_pdu_size = cpu_to_le16(L2CAP_DEFAULT_MAX_PDU_SIZE);
2552 if (L2CAP_DEFAULT_MAX_PDU_SIZE > pi->conn->mtu - 10)
2553 rfc.max_pdu_size = cpu_to_le16(pi->conn->mtu - 10);
2555 l2cap_add_conf_opt(&ptr, L2CAP_CONF_RFC, sizeof(rfc),
2556 (unsigned long) &rfc);
2558 if (!(pi->conn->feat_mask & L2CAP_FEAT_FCS))
2561 if (pi->fcs == L2CAP_FCS_NONE ||
2562 pi->conf_state & L2CAP_CONF_NO_FCS_RECV) {
2563 pi->fcs = L2CAP_FCS_NONE;
2564 l2cap_add_conf_opt(&ptr, L2CAP_CONF_FCS, 1, pi->fcs);
2568 case L2CAP_MODE_STREAMING:
2569 rfc.mode = L2CAP_MODE_STREAMING;
2571 rfc.max_transmit = 0;
2572 rfc.retrans_timeout = 0;
2573 rfc.monitor_timeout = 0;
2574 rfc.max_pdu_size = cpu_to_le16(L2CAP_DEFAULT_MAX_PDU_SIZE);
2575 if (L2CAP_DEFAULT_MAX_PDU_SIZE > pi->conn->mtu - 10)
2576 rfc.max_pdu_size = cpu_to_le16(pi->conn->mtu - 10);
2578 l2cap_add_conf_opt(&ptr, L2CAP_CONF_RFC, sizeof(rfc),
2579 (unsigned long) &rfc);
2581 if (!(pi->conn->feat_mask & L2CAP_FEAT_FCS))
2584 if (pi->fcs == L2CAP_FCS_NONE ||
2585 pi->conf_state & L2CAP_CONF_NO_FCS_RECV) {
2586 pi->fcs = L2CAP_FCS_NONE;
2587 l2cap_add_conf_opt(&ptr, L2CAP_CONF_FCS, 1, pi->fcs);
2592 /* FIXME: Need actual value of the flush timeout */
2593 //if (flush_to != L2CAP_DEFAULT_FLUSH_TO)
2594 // l2cap_add_conf_opt(&ptr, L2CAP_CONF_FLUSH_TO, 2, pi->flush_to);
2596 req->dcid = cpu_to_le16(pi->dcid);
2597 req->flags = cpu_to_le16(0);
2602 static int l2cap_parse_conf_req(struct sock *sk, void *data)
2604 struct l2cap_pinfo *pi = l2cap_pi(sk);
2605 struct l2cap_conf_rsp *rsp = data;
2606 void *ptr = rsp->data;
2607 void *req = pi->conf_req;
2608 int len = pi->conf_len;
2609 int type, hint, olen;
2611 struct l2cap_conf_rfc rfc = { .mode = L2CAP_MODE_BASIC };
2612 u16 mtu = L2CAP_DEFAULT_MTU;
2613 u16 result = L2CAP_CONF_SUCCESS;
2615 BT_DBG("sk %p", sk);
2617 while (len >= L2CAP_CONF_OPT_SIZE) {
2618 len -= l2cap_get_conf_opt(&req, &type, &olen, &val);
2620 hint = type & L2CAP_CONF_HINT;
2621 type &= L2CAP_CONF_MASK;
2624 case L2CAP_CONF_MTU:
2628 case L2CAP_CONF_FLUSH_TO:
2632 case L2CAP_CONF_QOS:
2635 case L2CAP_CONF_RFC:
2636 if (olen == sizeof(rfc))
2637 memcpy(&rfc, (void *) val, olen);
2640 case L2CAP_CONF_FCS:
2641 if (val == L2CAP_FCS_NONE)
2642 pi->conf_state |= L2CAP_CONF_NO_FCS_RECV;
2650 result = L2CAP_CONF_UNKNOWN;
2651 *((u8 *) ptr++) = type;
2656 if (pi->num_conf_rsp || pi->num_conf_req > 1)
2660 case L2CAP_MODE_STREAMING:
2661 case L2CAP_MODE_ERTM:
2662 if (!(pi->conf_state & L2CAP_CONF_STATE2_DEVICE)) {
2663 pi->mode = l2cap_select_mode(rfc.mode,
2664 pi->conn->feat_mask);
2668 if (pi->mode != rfc.mode)
2669 return -ECONNREFUSED;
2675 if (pi->mode != rfc.mode) {
2676 result = L2CAP_CONF_UNACCEPT;
2677 rfc.mode = pi->mode;
2679 if (pi->num_conf_rsp == 1)
2680 return -ECONNREFUSED;
2682 l2cap_add_conf_opt(&ptr, L2CAP_CONF_RFC,
2683 sizeof(rfc), (unsigned long) &rfc);
2687 if (result == L2CAP_CONF_SUCCESS) {
2688 /* Configure output options and let the other side know
2689 * which ones we don't like. */
2691 if (mtu < L2CAP_DEFAULT_MIN_MTU)
2692 result = L2CAP_CONF_UNACCEPT;
2695 pi->conf_state |= L2CAP_CONF_MTU_DONE;
2697 l2cap_add_conf_opt(&ptr, L2CAP_CONF_MTU, 2, pi->omtu);
2700 case L2CAP_MODE_BASIC:
2701 pi->fcs = L2CAP_FCS_NONE;
2702 pi->conf_state |= L2CAP_CONF_MODE_DONE;
2705 case L2CAP_MODE_ERTM:
2706 pi->remote_tx_win = rfc.txwin_size;
2707 pi->remote_max_tx = rfc.max_transmit;
2709 if (le16_to_cpu(rfc.max_pdu_size) > pi->conn->mtu - 10)
2710 rfc.max_pdu_size = cpu_to_le16(pi->conn->mtu - 10);
2712 pi->remote_mps = le16_to_cpu(rfc.max_pdu_size);
2714 rfc.retrans_timeout =
2715 le16_to_cpu(L2CAP_DEFAULT_RETRANS_TO);
2716 rfc.monitor_timeout =
2717 le16_to_cpu(L2CAP_DEFAULT_MONITOR_TO);
2719 pi->conf_state |= L2CAP_CONF_MODE_DONE;
2721 l2cap_add_conf_opt(&ptr, L2CAP_CONF_RFC,
2722 sizeof(rfc), (unsigned long) &rfc);
2726 case L2CAP_MODE_STREAMING:
2727 if (le16_to_cpu(rfc.max_pdu_size) > pi->conn->mtu - 10)
2728 rfc.max_pdu_size = cpu_to_le16(pi->conn->mtu - 10);
2730 pi->remote_mps = le16_to_cpu(rfc.max_pdu_size);
2732 pi->conf_state |= L2CAP_CONF_MODE_DONE;
2734 l2cap_add_conf_opt(&ptr, L2CAP_CONF_RFC,
2735 sizeof(rfc), (unsigned long) &rfc);
2740 result = L2CAP_CONF_UNACCEPT;
2742 memset(&rfc, 0, sizeof(rfc));
2743 rfc.mode = pi->mode;
2746 if (result == L2CAP_CONF_SUCCESS)
2747 pi->conf_state |= L2CAP_CONF_OUTPUT_DONE;
2749 rsp->scid = cpu_to_le16(pi->dcid);
2750 rsp->result = cpu_to_le16(result);
2751 rsp->flags = cpu_to_le16(0x0000);
2756 static int l2cap_parse_conf_rsp(struct sock *sk, void *rsp, int len, void *data, u16 *result)
2758 struct l2cap_pinfo *pi = l2cap_pi(sk);
2759 struct l2cap_conf_req *req = data;
2760 void *ptr = req->data;
2763 struct l2cap_conf_rfc rfc;
2765 BT_DBG("sk %p, rsp %p, len %d, req %p", sk, rsp, len, data);
2767 while (len >= L2CAP_CONF_OPT_SIZE) {
2768 len -= l2cap_get_conf_opt(&rsp, &type, &olen, &val);
2771 case L2CAP_CONF_MTU:
2772 if (val < L2CAP_DEFAULT_MIN_MTU) {
2773 *result = L2CAP_CONF_UNACCEPT;
2774 pi->omtu = L2CAP_DEFAULT_MIN_MTU;
2777 l2cap_add_conf_opt(&ptr, L2CAP_CONF_MTU, 2, pi->omtu);
2780 case L2CAP_CONF_FLUSH_TO:
2782 l2cap_add_conf_opt(&ptr, L2CAP_CONF_FLUSH_TO,
2786 case L2CAP_CONF_RFC:
2787 if (olen == sizeof(rfc))
2788 memcpy(&rfc, (void *)val, olen);
2790 if ((pi->conf_state & L2CAP_CONF_STATE2_DEVICE) &&
2791 rfc.mode != pi->mode)
2792 return -ECONNREFUSED;
2796 l2cap_add_conf_opt(&ptr, L2CAP_CONF_RFC,
2797 sizeof(rfc), (unsigned long) &rfc);
2802 if (pi->mode == L2CAP_MODE_BASIC && pi->mode != rfc.mode)
2803 return -ECONNREFUSED;
2805 pi->mode = rfc.mode;
2807 if (*result == L2CAP_CONF_SUCCESS) {
2809 case L2CAP_MODE_ERTM:
2810 pi->retrans_timeout = le16_to_cpu(rfc.retrans_timeout);
2811 pi->monitor_timeout = le16_to_cpu(rfc.monitor_timeout);
2812 pi->mps = le16_to_cpu(rfc.max_pdu_size);
2814 case L2CAP_MODE_STREAMING:
2815 pi->mps = le16_to_cpu(rfc.max_pdu_size);
2819 req->dcid = cpu_to_le16(pi->dcid);
2820 req->flags = cpu_to_le16(0x0000);
2825 static int l2cap_build_conf_rsp(struct sock *sk, void *data, u16 result, u16 flags)
2827 struct l2cap_conf_rsp *rsp = data;
2828 void *ptr = rsp->data;
2830 BT_DBG("sk %p", sk);
2832 rsp->scid = cpu_to_le16(l2cap_pi(sk)->dcid);
2833 rsp->result = cpu_to_le16(result);
2834 rsp->flags = cpu_to_le16(flags);
2839 static void l2cap_conf_rfc_get(struct sock *sk, void *rsp, int len)
2841 struct l2cap_pinfo *pi = l2cap_pi(sk);
2844 struct l2cap_conf_rfc rfc;
2846 BT_DBG("sk %p, rsp %p, len %d", sk, rsp, len);
2848 if ((pi->mode != L2CAP_MODE_ERTM) && (pi->mode != L2CAP_MODE_STREAMING))
2851 while (len >= L2CAP_CONF_OPT_SIZE) {
2852 len -= l2cap_get_conf_opt(&rsp, &type, &olen, &val);
2855 case L2CAP_CONF_RFC:
2856 if (olen == sizeof(rfc))
2857 memcpy(&rfc, (void *)val, olen);
2864 case L2CAP_MODE_ERTM:
2865 pi->retrans_timeout = le16_to_cpu(rfc.retrans_timeout);
2866 pi->monitor_timeout = le16_to_cpu(rfc.monitor_timeout);
2867 pi->mps = le16_to_cpu(rfc.max_pdu_size);
2869 case L2CAP_MODE_STREAMING:
2870 pi->mps = le16_to_cpu(rfc.max_pdu_size);
2874 static inline int l2cap_command_rej(struct l2cap_conn *conn, struct l2cap_cmd_hdr *cmd, u8 *data)
2876 struct l2cap_cmd_rej *rej = (struct l2cap_cmd_rej *) data;
2878 if (rej->reason != 0x0000)
2881 if ((conn->info_state & L2CAP_INFO_FEAT_MASK_REQ_SENT) &&
2882 cmd->ident == conn->info_ident) {
2883 del_timer(&conn->info_timer);
2885 conn->info_state |= L2CAP_INFO_FEAT_MASK_REQ_DONE;
2886 conn->info_ident = 0;
2888 l2cap_conn_start(conn);
2894 static inline int l2cap_connect_req(struct l2cap_conn *conn, struct l2cap_cmd_hdr *cmd, u8 *data)
2896 struct l2cap_chan_list *list = &conn->chan_list;
2897 struct l2cap_conn_req *req = (struct l2cap_conn_req *) data;
2898 struct l2cap_conn_rsp rsp;
2899 struct sock *parent, *uninitialized_var(sk);
2900 int result, status = L2CAP_CS_NO_INFO;
2902 u16 dcid = 0, scid = __le16_to_cpu(req->scid);
2903 __le16 psm = req->psm;
2905 BT_DBG("psm 0x%2.2x scid 0x%4.4x", psm, scid);
2907 /* Check if we have socket listening on psm */
2908 parent = l2cap_get_sock_by_psm(BT_LISTEN, psm, conn->src);
2910 result = L2CAP_CR_BAD_PSM;
2914 /* Check if the ACL is secure enough (if not SDP) */
2915 if (psm != cpu_to_le16(0x0001) &&
2916 !hci_conn_check_link_mode(conn->hcon)) {
2917 conn->disc_reason = 0x05;
2918 result = L2CAP_CR_SEC_BLOCK;
2922 result = L2CAP_CR_NO_MEM;
2924 /* Check for backlog size */
2925 if (sk_acceptq_is_full(parent)) {
2926 BT_DBG("backlog full %d", parent->sk_ack_backlog);
2930 sk = l2cap_sock_alloc(sock_net(parent), NULL, BTPROTO_L2CAP, GFP_ATOMIC);
2934 write_lock_bh(&list->lock);
2936 /* Check if we already have channel with that dcid */
2937 if (__l2cap_get_chan_by_dcid(list, scid)) {
2938 write_unlock_bh(&list->lock);
2939 sock_set_flag(sk, SOCK_ZAPPED);
2940 l2cap_sock_kill(sk);
2944 hci_conn_hold(conn->hcon);
2946 l2cap_sock_init(sk, parent);
2947 bacpy(&bt_sk(sk)->src, conn->src);
2948 bacpy(&bt_sk(sk)->dst, conn->dst);
2949 l2cap_pi(sk)->psm = psm;
2950 l2cap_pi(sk)->dcid = scid;
2952 __l2cap_chan_add(conn, sk, parent);
2953 dcid = l2cap_pi(sk)->scid;
2955 l2cap_sock_set_timer(sk, sk->sk_sndtimeo);
2957 l2cap_pi(sk)->ident = cmd->ident;
2959 if (conn->info_state & L2CAP_INFO_FEAT_MASK_REQ_DONE) {
2960 if (l2cap_check_security(sk)) {
2961 if (bt_sk(sk)->defer_setup) {
2962 sk->sk_state = BT_CONNECT2;
2963 result = L2CAP_CR_PEND;
2964 status = L2CAP_CS_AUTHOR_PEND;
2965 parent->sk_data_ready(parent, 0);
2967 sk->sk_state = BT_CONFIG;
2968 result = L2CAP_CR_SUCCESS;
2969 status = L2CAP_CS_NO_INFO;
2972 sk->sk_state = BT_CONNECT2;
2973 result = L2CAP_CR_PEND;
2974 status = L2CAP_CS_AUTHEN_PEND;
2977 sk->sk_state = BT_CONNECT2;
2978 result = L2CAP_CR_PEND;
2979 status = L2CAP_CS_NO_INFO;
2982 write_unlock_bh(&list->lock);
2985 bh_unlock_sock(parent);
2988 rsp.scid = cpu_to_le16(scid);
2989 rsp.dcid = cpu_to_le16(dcid);
2990 rsp.result = cpu_to_le16(result);
2991 rsp.status = cpu_to_le16(status);
2992 l2cap_send_cmd(conn, cmd->ident, L2CAP_CONN_RSP, sizeof(rsp), &rsp);
2994 if (result == L2CAP_CR_PEND && status == L2CAP_CS_NO_INFO) {
2995 struct l2cap_info_req info;
2996 info.type = cpu_to_le16(L2CAP_IT_FEAT_MASK);
2998 conn->info_state |= L2CAP_INFO_FEAT_MASK_REQ_SENT;
2999 conn->info_ident = l2cap_get_ident(conn);
3001 mod_timer(&conn->info_timer, jiffies +
3002 msecs_to_jiffies(L2CAP_INFO_TIMEOUT));
3004 l2cap_send_cmd(conn, conn->info_ident,
3005 L2CAP_INFO_REQ, sizeof(info), &info);
3008 if (!(l2cap_pi(sk)->conf_state & L2CAP_CONF_REQ_SENT) &&
3009 result == L2CAP_CR_SUCCESS) {
3011 l2cap_pi(sk)->conf_state |= L2CAP_CONF_REQ_SENT;
3012 l2cap_send_cmd(conn, l2cap_get_ident(conn), L2CAP_CONF_REQ,
3013 l2cap_build_conf_req(sk, buf), buf);
3014 l2cap_pi(sk)->num_conf_req++;
3020 static inline int l2cap_connect_rsp(struct l2cap_conn *conn, struct l2cap_cmd_hdr *cmd, u8 *data)
3022 struct l2cap_conn_rsp *rsp = (struct l2cap_conn_rsp *) data;
3023 u16 scid, dcid, result, status;
3027 scid = __le16_to_cpu(rsp->scid);
3028 dcid = __le16_to_cpu(rsp->dcid);
3029 result = __le16_to_cpu(rsp->result);
3030 status = __le16_to_cpu(rsp->status);
3032 BT_DBG("dcid 0x%4.4x scid 0x%4.4x result 0x%2.2x status 0x%2.2x", dcid, scid, result, status);
3035 sk = l2cap_get_chan_by_scid(&conn->chan_list, scid);
3039 sk = l2cap_get_chan_by_ident(&conn->chan_list, cmd->ident);
3045 case L2CAP_CR_SUCCESS:
3046 sk->sk_state = BT_CONFIG;
3047 l2cap_pi(sk)->ident = 0;
3048 l2cap_pi(sk)->dcid = dcid;
3049 l2cap_pi(sk)->conf_state &= ~L2CAP_CONF_CONNECT_PEND;
3051 if (l2cap_pi(sk)->conf_state & L2CAP_CONF_REQ_SENT)
3054 l2cap_pi(sk)->conf_state |= L2CAP_CONF_REQ_SENT;
3056 l2cap_send_cmd(conn, l2cap_get_ident(conn), L2CAP_CONF_REQ,
3057 l2cap_build_conf_req(sk, req), req);
3058 l2cap_pi(sk)->num_conf_req++;
3062 l2cap_pi(sk)->conf_state |= L2CAP_CONF_CONNECT_PEND;
3066 l2cap_chan_del(sk, ECONNREFUSED);
3074 static inline void set_default_fcs(struct l2cap_pinfo *pi)
3076 /* FCS is enabled only in ERTM or streaming mode, if one or both
3079 if (pi->mode != L2CAP_MODE_ERTM && pi->mode != L2CAP_MODE_STREAMING)
3080 pi->fcs = L2CAP_FCS_NONE;
3081 else if (!(pi->conf_state & L2CAP_CONF_NO_FCS_RECV))
3082 pi->fcs = L2CAP_FCS_CRC16;
3085 static inline int l2cap_config_req(struct l2cap_conn *conn, struct l2cap_cmd_hdr *cmd, u16 cmd_len, u8 *data)
3087 struct l2cap_conf_req *req = (struct l2cap_conf_req *) data;
3093 dcid = __le16_to_cpu(req->dcid);
3094 flags = __le16_to_cpu(req->flags);
3096 BT_DBG("dcid 0x%4.4x flags 0x%2.2x", dcid, flags);
3098 sk = l2cap_get_chan_by_scid(&conn->chan_list, dcid);
3102 if (sk->sk_state != BT_CONFIG) {
3103 struct l2cap_cmd_rej rej;
3105 rej.reason = cpu_to_le16(0x0002);
3106 l2cap_send_cmd(conn, cmd->ident, L2CAP_COMMAND_REJ,
3111 /* Reject if config buffer is too small. */
3112 len = cmd_len - sizeof(*req);
3113 if (l2cap_pi(sk)->conf_len + len > sizeof(l2cap_pi(sk)->conf_req)) {
3114 l2cap_send_cmd(conn, cmd->ident, L2CAP_CONF_RSP,
3115 l2cap_build_conf_rsp(sk, rsp,
3116 L2CAP_CONF_REJECT, flags), rsp);
3121 memcpy(l2cap_pi(sk)->conf_req + l2cap_pi(sk)->conf_len, req->data, len);
3122 l2cap_pi(sk)->conf_len += len;
3124 if (flags & 0x0001) {
3125 /* Incomplete config. Send empty response. */
3126 l2cap_send_cmd(conn, cmd->ident, L2CAP_CONF_RSP,
3127 l2cap_build_conf_rsp(sk, rsp,
3128 L2CAP_CONF_SUCCESS, 0x0001), rsp);
3132 /* Complete config. */
3133 len = l2cap_parse_conf_req(sk, rsp);
3135 l2cap_send_disconn_req(conn, sk, ECONNRESET);
3139 l2cap_send_cmd(conn, cmd->ident, L2CAP_CONF_RSP, len, rsp);
3140 l2cap_pi(sk)->num_conf_rsp++;
3142 /* Reset config buffer. */
3143 l2cap_pi(sk)->conf_len = 0;
3145 if (!(l2cap_pi(sk)->conf_state & L2CAP_CONF_OUTPUT_DONE))
3148 if (l2cap_pi(sk)->conf_state & L2CAP_CONF_INPUT_DONE) {
3149 set_default_fcs(l2cap_pi(sk));
3151 sk->sk_state = BT_CONNECTED;
3153 l2cap_pi(sk)->next_tx_seq = 0;
3154 l2cap_pi(sk)->expected_tx_seq = 0;
3155 __skb_queue_head_init(TX_QUEUE(sk));
3156 if (l2cap_pi(sk)->mode == L2CAP_MODE_ERTM)
3157 l2cap_ertm_init(sk);
3159 l2cap_chan_ready(sk);
3163 if (!(l2cap_pi(sk)->conf_state & L2CAP_CONF_REQ_SENT)) {
3165 l2cap_send_cmd(conn, l2cap_get_ident(conn), L2CAP_CONF_REQ,
3166 l2cap_build_conf_req(sk, buf), buf);
3167 l2cap_pi(sk)->num_conf_req++;
3175 static inline int l2cap_config_rsp(struct l2cap_conn *conn, struct l2cap_cmd_hdr *cmd, u8 *data)
3177 struct l2cap_conf_rsp *rsp = (struct l2cap_conf_rsp *)data;
3178 u16 scid, flags, result;
3180 int len = cmd->len - sizeof(*rsp);
3182 scid = __le16_to_cpu(rsp->scid);
3183 flags = __le16_to_cpu(rsp->flags);
3184 result = __le16_to_cpu(rsp->result);
3186 BT_DBG("scid 0x%4.4x flags 0x%2.2x result 0x%2.2x",
3187 scid, flags, result);
3189 sk = l2cap_get_chan_by_scid(&conn->chan_list, scid);
3194 case L2CAP_CONF_SUCCESS:
3195 l2cap_conf_rfc_get(sk, rsp->data, len);
3198 case L2CAP_CONF_UNACCEPT:
3199 if (l2cap_pi(sk)->num_conf_rsp <= L2CAP_CONF_MAX_CONF_RSP) {
3202 if (len > sizeof(req) - sizeof(struct l2cap_conf_req)) {
3203 l2cap_send_disconn_req(conn, sk, ECONNRESET);
3207 /* throw out any old stored conf requests */
3208 result = L2CAP_CONF_SUCCESS;
3209 len = l2cap_parse_conf_rsp(sk, rsp->data,
3212 l2cap_send_disconn_req(conn, sk, ECONNRESET);
3216 l2cap_send_cmd(conn, l2cap_get_ident(conn),
3217 L2CAP_CONF_REQ, len, req);
3218 l2cap_pi(sk)->num_conf_req++;
3219 if (result != L2CAP_CONF_SUCCESS)
3225 sk->sk_err = ECONNRESET;
3226 l2cap_sock_set_timer(sk, HZ * 5);
3227 l2cap_send_disconn_req(conn, sk, ECONNRESET);
3234 l2cap_pi(sk)->conf_state |= L2CAP_CONF_INPUT_DONE;
3236 if (l2cap_pi(sk)->conf_state & L2CAP_CONF_OUTPUT_DONE) {
3237 set_default_fcs(l2cap_pi(sk));
3239 sk->sk_state = BT_CONNECTED;
3240 l2cap_pi(sk)->next_tx_seq = 0;
3241 l2cap_pi(sk)->expected_tx_seq = 0;
3242 __skb_queue_head_init(TX_QUEUE(sk));
3243 if (l2cap_pi(sk)->mode == L2CAP_MODE_ERTM)
3244 l2cap_ertm_init(sk);
3246 l2cap_chan_ready(sk);
3254 static inline int l2cap_disconnect_req(struct l2cap_conn *conn, struct l2cap_cmd_hdr *cmd, u8 *data)
3256 struct l2cap_disconn_req *req = (struct l2cap_disconn_req *) data;
3257 struct l2cap_disconn_rsp rsp;
3261 scid = __le16_to_cpu(req->scid);
3262 dcid = __le16_to_cpu(req->dcid);
3264 BT_DBG("scid 0x%4.4x dcid 0x%4.4x", scid, dcid);
3266 sk = l2cap_get_chan_by_scid(&conn->chan_list, dcid);
3270 rsp.dcid = cpu_to_le16(l2cap_pi(sk)->scid);
3271 rsp.scid = cpu_to_le16(l2cap_pi(sk)->dcid);
3272 l2cap_send_cmd(conn, cmd->ident, L2CAP_DISCONN_RSP, sizeof(rsp), &rsp);
3274 sk->sk_shutdown = SHUTDOWN_MASK;
3276 l2cap_chan_del(sk, ECONNRESET);
3279 l2cap_sock_kill(sk);
3283 static inline int l2cap_disconnect_rsp(struct l2cap_conn *conn, struct l2cap_cmd_hdr *cmd, u8 *data)
3285 struct l2cap_disconn_rsp *rsp = (struct l2cap_disconn_rsp *) data;
3289 scid = __le16_to_cpu(rsp->scid);
3290 dcid = __le16_to_cpu(rsp->dcid);
3292 BT_DBG("dcid 0x%4.4x scid 0x%4.4x", dcid, scid);
3294 sk = l2cap_get_chan_by_scid(&conn->chan_list, scid);
3298 l2cap_chan_del(sk, 0);
3301 l2cap_sock_kill(sk);
3305 static inline int l2cap_information_req(struct l2cap_conn *conn, struct l2cap_cmd_hdr *cmd, u8 *data)
3307 struct l2cap_info_req *req = (struct l2cap_info_req *) data;
3310 type = __le16_to_cpu(req->type);
3312 BT_DBG("type 0x%4.4x", type);
3314 if (type == L2CAP_IT_FEAT_MASK) {
3316 u32 feat_mask = l2cap_feat_mask;
3317 struct l2cap_info_rsp *rsp = (struct l2cap_info_rsp *) buf;
3318 rsp->type = cpu_to_le16(L2CAP_IT_FEAT_MASK);
3319 rsp->result = cpu_to_le16(L2CAP_IR_SUCCESS);
3321 feat_mask |= L2CAP_FEAT_ERTM | L2CAP_FEAT_STREAMING
3323 put_unaligned_le32(feat_mask, rsp->data);
3324 l2cap_send_cmd(conn, cmd->ident,
3325 L2CAP_INFO_RSP, sizeof(buf), buf);
3326 } else if (type == L2CAP_IT_FIXED_CHAN) {
3328 struct l2cap_info_rsp *rsp = (struct l2cap_info_rsp *) buf;
3329 rsp->type = cpu_to_le16(L2CAP_IT_FIXED_CHAN);
3330 rsp->result = cpu_to_le16(L2CAP_IR_SUCCESS);
3331 memcpy(buf + 4, l2cap_fixed_chan, 8);
3332 l2cap_send_cmd(conn, cmd->ident,
3333 L2CAP_INFO_RSP, sizeof(buf), buf);
3335 struct l2cap_info_rsp rsp;
3336 rsp.type = cpu_to_le16(type);
3337 rsp.result = cpu_to_le16(L2CAP_IR_NOTSUPP);
3338 l2cap_send_cmd(conn, cmd->ident,
3339 L2CAP_INFO_RSP, sizeof(rsp), &rsp);
3345 static inline int l2cap_information_rsp(struct l2cap_conn *conn, struct l2cap_cmd_hdr *cmd, u8 *data)
3347 struct l2cap_info_rsp *rsp = (struct l2cap_info_rsp *) data;
3350 type = __le16_to_cpu(rsp->type);
3351 result = __le16_to_cpu(rsp->result);
3353 BT_DBG("type 0x%4.4x result 0x%2.2x", type, result);
3355 del_timer(&conn->info_timer);
3357 if (result != L2CAP_IR_SUCCESS) {
3358 conn->info_state |= L2CAP_INFO_FEAT_MASK_REQ_DONE;
3359 conn->info_ident = 0;
3361 l2cap_conn_start(conn);
3366 if (type == L2CAP_IT_FEAT_MASK) {
3367 conn->feat_mask = get_unaligned_le32(rsp->data);
3369 if (conn->feat_mask & L2CAP_FEAT_FIXED_CHAN) {
3370 struct l2cap_info_req req;
3371 req.type = cpu_to_le16(L2CAP_IT_FIXED_CHAN);
3373 conn->info_ident = l2cap_get_ident(conn);
3375 l2cap_send_cmd(conn, conn->info_ident,
3376 L2CAP_INFO_REQ, sizeof(req), &req);
3378 conn->info_state |= L2CAP_INFO_FEAT_MASK_REQ_DONE;
3379 conn->info_ident = 0;
3381 l2cap_conn_start(conn);
3383 } else if (type == L2CAP_IT_FIXED_CHAN) {
3384 conn->info_state |= L2CAP_INFO_FEAT_MASK_REQ_DONE;
3385 conn->info_ident = 0;
3387 l2cap_conn_start(conn);
3393 static inline void l2cap_sig_channel(struct l2cap_conn *conn, struct sk_buff *skb)
3395 u8 *data = skb->data;
3397 struct l2cap_cmd_hdr cmd;
3400 l2cap_raw_recv(conn, skb);
3402 while (len >= L2CAP_CMD_HDR_SIZE) {
3404 memcpy(&cmd, data, L2CAP_CMD_HDR_SIZE);
3405 data += L2CAP_CMD_HDR_SIZE;
3406 len -= L2CAP_CMD_HDR_SIZE;
3408 cmd_len = le16_to_cpu(cmd.len);
3410 BT_DBG("code 0x%2.2x len %d id 0x%2.2x", cmd.code, cmd_len, cmd.ident);
3412 if (cmd_len > len || !cmd.ident) {
3413 BT_DBG("corrupted command");
3418 case L2CAP_COMMAND_REJ:
3419 l2cap_command_rej(conn, &cmd, data);
3422 case L2CAP_CONN_REQ:
3423 err = l2cap_connect_req(conn, &cmd, data);
3426 case L2CAP_CONN_RSP:
3427 err = l2cap_connect_rsp(conn, &cmd, data);
3430 case L2CAP_CONF_REQ:
3431 err = l2cap_config_req(conn, &cmd, cmd_len, data);
3434 case L2CAP_CONF_RSP:
3435 err = l2cap_config_rsp(conn, &cmd, data);
3438 case L2CAP_DISCONN_REQ:
3439 err = l2cap_disconnect_req(conn, &cmd, data);
3442 case L2CAP_DISCONN_RSP:
3443 err = l2cap_disconnect_rsp(conn, &cmd, data);
3446 case L2CAP_ECHO_REQ:
3447 l2cap_send_cmd(conn, cmd.ident, L2CAP_ECHO_RSP, cmd_len, data);
3450 case L2CAP_ECHO_RSP:
3453 case L2CAP_INFO_REQ:
3454 err = l2cap_information_req(conn, &cmd, data);
3457 case L2CAP_INFO_RSP:
3458 err = l2cap_information_rsp(conn, &cmd, data);
3462 BT_ERR("Unknown signaling command 0x%2.2x", cmd.code);
3468 struct l2cap_cmd_rej rej;
3469 BT_DBG("error %d", err);
3471 /* FIXME: Map err to a valid reason */
3472 rej.reason = cpu_to_le16(0);
3473 l2cap_send_cmd(conn, cmd.ident, L2CAP_COMMAND_REJ, sizeof(rej), &rej);
3483 static int l2cap_check_fcs(struct l2cap_pinfo *pi, struct sk_buff *skb)
3485 u16 our_fcs, rcv_fcs;
3486 int hdr_size = L2CAP_HDR_SIZE + 2;
3488 if (pi->fcs == L2CAP_FCS_CRC16) {
3489 skb_trim(skb, skb->len - 2);
3490 rcv_fcs = get_unaligned_le16(skb->data + skb->len);
3491 our_fcs = crc16(0, skb->data - hdr_size, skb->len + hdr_size);
3493 if (our_fcs != rcv_fcs)
3499 static inline void l2cap_send_i_or_rr_or_rnr(struct sock *sk)
3501 struct l2cap_pinfo *pi = l2cap_pi(sk);
3504 pi->frames_sent = 0;
3506 control |= pi->buffer_seq << L2CAP_CTRL_REQSEQ_SHIFT;
3508 if (pi->conn_state & L2CAP_CONN_LOCAL_BUSY) {
3509 control |= L2CAP_SUPER_RCV_NOT_READY;
3510 l2cap_send_sframe(pi, control);
3511 pi->conn_state |= L2CAP_CONN_RNR_SENT;
3514 if (pi->conn_state & L2CAP_CONN_REMOTE_BUSY)
3515 l2cap_retransmit_frames(sk);
3517 l2cap_ertm_send(sk);
3519 if (!(pi->conn_state & L2CAP_CONN_LOCAL_BUSY) &&
3520 pi->frames_sent == 0) {
3521 control |= L2CAP_SUPER_RCV_READY;
3522 l2cap_send_sframe(pi, control);
3526 static int l2cap_add_to_srej_queue(struct sock *sk, struct sk_buff *skb, u8 tx_seq, u8 sar)
3528 struct sk_buff *next_skb;
3529 struct l2cap_pinfo *pi = l2cap_pi(sk);
3530 int tx_seq_offset, next_tx_seq_offset;
3532 bt_cb(skb)->tx_seq = tx_seq;
3533 bt_cb(skb)->sar = sar;
3535 next_skb = skb_peek(SREJ_QUEUE(sk));
3537 __skb_queue_tail(SREJ_QUEUE(sk), skb);
3541 tx_seq_offset = (tx_seq - pi->buffer_seq) % 64;
3542 if (tx_seq_offset < 0)
3543 tx_seq_offset += 64;
3546 if (bt_cb(next_skb)->tx_seq == tx_seq)
3549 next_tx_seq_offset = (bt_cb(next_skb)->tx_seq -
3550 pi->buffer_seq) % 64;
3551 if (next_tx_seq_offset < 0)
3552 next_tx_seq_offset += 64;
3554 if (next_tx_seq_offset > tx_seq_offset) {
3555 __skb_queue_before(SREJ_QUEUE(sk), next_skb, skb);
3559 if (skb_queue_is_last(SREJ_QUEUE(sk), next_skb))
3562 } while ((next_skb = skb_queue_next(SREJ_QUEUE(sk), next_skb)));
3564 __skb_queue_tail(SREJ_QUEUE(sk), skb);
3569 static int l2cap_ertm_reassembly_sdu(struct sock *sk, struct sk_buff *skb, u16 control)
3571 struct l2cap_pinfo *pi = l2cap_pi(sk);
3572 struct sk_buff *_skb;
3575 switch (control & L2CAP_CTRL_SAR) {
3576 case L2CAP_SDU_UNSEGMENTED:
3577 if (pi->conn_state & L2CAP_CONN_SAR_SDU)
3580 err = sock_queue_rcv_skb(sk, skb);
3586 case L2CAP_SDU_START:
3587 if (pi->conn_state & L2CAP_CONN_SAR_SDU)
3590 pi->sdu_len = get_unaligned_le16(skb->data);
3592 if (pi->sdu_len > pi->imtu)
3595 pi->sdu = bt_skb_alloc(pi->sdu_len, GFP_ATOMIC);
3599 /* pull sdu_len bytes only after alloc, because of Local Busy
3600 * condition we have to be sure that this will be executed
3601 * only once, i.e., when alloc does not fail */
3604 memcpy(skb_put(pi->sdu, skb->len), skb->data, skb->len);
3606 pi->conn_state |= L2CAP_CONN_SAR_SDU;
3607 pi->partial_sdu_len = skb->len;
3610 case L2CAP_SDU_CONTINUE:
3611 if (!(pi->conn_state & L2CAP_CONN_SAR_SDU))
3617 pi->partial_sdu_len += skb->len;
3618 if (pi->partial_sdu_len > pi->sdu_len)
3621 memcpy(skb_put(pi->sdu, skb->len), skb->data, skb->len);
3626 if (!(pi->conn_state & L2CAP_CONN_SAR_SDU))
3632 if (!(pi->conn_state & L2CAP_CONN_SAR_RETRY)) {
3633 pi->partial_sdu_len += skb->len;
3635 if (pi->partial_sdu_len > pi->imtu)
3638 if (pi->partial_sdu_len != pi->sdu_len)
3641 memcpy(skb_put(pi->sdu, skb->len), skb->data, skb->len);
3644 _skb = skb_clone(pi->sdu, GFP_ATOMIC);
3646 pi->conn_state |= L2CAP_CONN_SAR_RETRY;
3650 err = sock_queue_rcv_skb(sk, _skb);
3653 pi->conn_state |= L2CAP_CONN_SAR_RETRY;
3657 pi->conn_state &= ~L2CAP_CONN_SAR_RETRY;
3658 pi->conn_state &= ~L2CAP_CONN_SAR_SDU;
3672 l2cap_send_disconn_req(pi->conn, sk, ECONNRESET);
3677 static int l2cap_try_push_rx_skb(struct sock *sk)
3679 struct l2cap_pinfo *pi = l2cap_pi(sk);
3680 struct sk_buff *skb;
3684 while ((skb = skb_dequeue(BUSY_QUEUE(sk)))) {
3685 control = bt_cb(skb)->sar << L2CAP_CTRL_SAR_SHIFT;
3686 err = l2cap_ertm_reassembly_sdu(sk, skb, control);
3688 skb_queue_head(BUSY_QUEUE(sk), skb);
3692 pi->buffer_seq = (pi->buffer_seq + 1) % 64;
3695 if (!(pi->conn_state & L2CAP_CONN_RNR_SENT))
3698 control = pi->buffer_seq << L2CAP_CTRL_REQSEQ_SHIFT;
3699 control |= L2CAP_SUPER_RCV_READY | L2CAP_CTRL_POLL;
3700 l2cap_send_sframe(pi, control);
3701 l2cap_pi(sk)->retry_count = 1;
3703 del_timer(&pi->retrans_timer);
3704 __mod_monitor_timer();
3706 l2cap_pi(sk)->conn_state |= L2CAP_CONN_WAIT_F;
3709 pi->conn_state &= ~L2CAP_CONN_LOCAL_BUSY;
3710 pi->conn_state &= ~L2CAP_CONN_RNR_SENT;
3712 BT_DBG("sk %p, Exit local busy", sk);
3717 static void l2cap_busy_work(struct work_struct *work)
3719 DECLARE_WAITQUEUE(wait, current);
3720 struct l2cap_pinfo *pi =
3721 container_of(work, struct l2cap_pinfo, busy_work);
3722 struct sock *sk = (struct sock *)pi;
3723 int n_tries = 0, timeo = HZ/5, err;
3724 struct sk_buff *skb;
3728 add_wait_queue(sk_sleep(sk), &wait);
3729 while ((skb = skb_peek(BUSY_QUEUE(sk)))) {
3730 set_current_state(TASK_INTERRUPTIBLE);
3732 if (n_tries++ > L2CAP_LOCAL_BUSY_TRIES) {
3734 l2cap_send_disconn_req(pi->conn, sk, EBUSY);
3741 if (signal_pending(current)) {
3742 err = sock_intr_errno(timeo);
3747 timeo = schedule_timeout(timeo);
3750 err = sock_error(sk);
3754 if (l2cap_try_push_rx_skb(sk) == 0)
3758 set_current_state(TASK_RUNNING);
3759 remove_wait_queue(sk_sleep(sk), &wait);
3764 static int l2cap_push_rx_skb(struct sock *sk, struct sk_buff *skb, u16 control)
3766 struct l2cap_pinfo *pi = l2cap_pi(sk);
3769 if (pi->conn_state & L2CAP_CONN_LOCAL_BUSY) {
3770 bt_cb(skb)->sar = control >> L2CAP_CTRL_SAR_SHIFT;
3771 __skb_queue_tail(BUSY_QUEUE(sk), skb);
3772 return l2cap_try_push_rx_skb(sk);
3777 err = l2cap_ertm_reassembly_sdu(sk, skb, control);
3779 pi->buffer_seq = (pi->buffer_seq + 1) % 64;
3783 /* Busy Condition */
3784 BT_DBG("sk %p, Enter local busy", sk);
3786 pi->conn_state |= L2CAP_CONN_LOCAL_BUSY;
3787 bt_cb(skb)->sar = control >> L2CAP_CTRL_SAR_SHIFT;
3788 __skb_queue_tail(BUSY_QUEUE(sk), skb);
3790 sctrl = pi->buffer_seq << L2CAP_CTRL_REQSEQ_SHIFT;
3791 sctrl |= L2CAP_SUPER_RCV_NOT_READY;
3792 l2cap_send_sframe(pi, sctrl);
3794 pi->conn_state |= L2CAP_CONN_RNR_SENT;
3796 del_timer(&pi->ack_timer);
3798 queue_work(_busy_wq, &pi->busy_work);
3803 static int l2cap_streaming_reassembly_sdu(struct sock *sk, struct sk_buff *skb, u16 control)
3805 struct l2cap_pinfo *pi = l2cap_pi(sk);
3806 struct sk_buff *_skb;
3810 * TODO: We have to notify the userland if some data is lost with the
3814 switch (control & L2CAP_CTRL_SAR) {
3815 case L2CAP_SDU_UNSEGMENTED:
3816 if (pi->conn_state & L2CAP_CONN_SAR_SDU) {
3821 err = sock_queue_rcv_skb(sk, skb);
3827 case L2CAP_SDU_START:
3828 if (pi->conn_state & L2CAP_CONN_SAR_SDU) {
3833 pi->sdu_len = get_unaligned_le16(skb->data);
3836 if (pi->sdu_len > pi->imtu) {
3841 pi->sdu = bt_skb_alloc(pi->sdu_len, GFP_ATOMIC);
3847 memcpy(skb_put(pi->sdu, skb->len), skb->data, skb->len);
3849 pi->conn_state |= L2CAP_CONN_SAR_SDU;
3850 pi->partial_sdu_len = skb->len;
3854 case L2CAP_SDU_CONTINUE:
3855 if (!(pi->conn_state & L2CAP_CONN_SAR_SDU))
3858 memcpy(skb_put(pi->sdu, skb->len), skb->data, skb->len);
3860 pi->partial_sdu_len += skb->len;
3861 if (pi->partial_sdu_len > pi->sdu_len)
3869 if (!(pi->conn_state & L2CAP_CONN_SAR_SDU))
3872 memcpy(skb_put(pi->sdu, skb->len), skb->data, skb->len);
3874 pi->conn_state &= ~L2CAP_CONN_SAR_SDU;
3875 pi->partial_sdu_len += skb->len;
3877 if (pi->partial_sdu_len > pi->imtu)
3880 if (pi->partial_sdu_len == pi->sdu_len) {
3881 _skb = skb_clone(pi->sdu, GFP_ATOMIC);
3882 err = sock_queue_rcv_skb(sk, _skb);
3897 static void l2cap_check_srej_gap(struct sock *sk, u8 tx_seq)
3899 struct sk_buff *skb;
3902 while ((skb = skb_peek(SREJ_QUEUE(sk)))) {
3903 if (bt_cb(skb)->tx_seq != tx_seq)
3906 skb = skb_dequeue(SREJ_QUEUE(sk));
3907 control = bt_cb(skb)->sar << L2CAP_CTRL_SAR_SHIFT;
3908 l2cap_ertm_reassembly_sdu(sk, skb, control);
3909 l2cap_pi(sk)->buffer_seq_srej =
3910 (l2cap_pi(sk)->buffer_seq_srej + 1) % 64;
3911 tx_seq = (tx_seq + 1) % 64;
3915 static void l2cap_resend_srejframe(struct sock *sk, u8 tx_seq)
3917 struct l2cap_pinfo *pi = l2cap_pi(sk);
3918 struct srej_list *l, *tmp;
3921 list_for_each_entry_safe(l, tmp, SREJ_LIST(sk), list) {
3922 if (l->tx_seq == tx_seq) {
3927 control = L2CAP_SUPER_SELECT_REJECT;
3928 control |= l->tx_seq << L2CAP_CTRL_REQSEQ_SHIFT;
3929 l2cap_send_sframe(pi, control);
3931 list_add_tail(&l->list, SREJ_LIST(sk));
3935 static void l2cap_send_srejframe(struct sock *sk, u8 tx_seq)
3937 struct l2cap_pinfo *pi = l2cap_pi(sk);
3938 struct srej_list *new;
3941 while (tx_seq != pi->expected_tx_seq) {
3942 control = L2CAP_SUPER_SELECT_REJECT;
3943 control |= pi->expected_tx_seq << L2CAP_CTRL_REQSEQ_SHIFT;
3944 l2cap_send_sframe(pi, control);
3946 new = kzalloc(sizeof(struct srej_list), GFP_ATOMIC);
3947 new->tx_seq = pi->expected_tx_seq;
3948 pi->expected_tx_seq = (pi->expected_tx_seq + 1) % 64;
3949 list_add_tail(&new->list, SREJ_LIST(sk));
3951 pi->expected_tx_seq = (pi->expected_tx_seq + 1) % 64;
3954 static inline int l2cap_data_channel_iframe(struct sock *sk, u16 rx_control, struct sk_buff *skb)
3956 struct l2cap_pinfo *pi = l2cap_pi(sk);
3957 u8 tx_seq = __get_txseq(rx_control);
3958 u8 req_seq = __get_reqseq(rx_control);
3959 u8 sar = rx_control >> L2CAP_CTRL_SAR_SHIFT;
3960 int tx_seq_offset, expected_tx_seq_offset;
3961 int num_to_ack = (pi->tx_win/6) + 1;
3964 BT_DBG("sk %p len %d tx_seq %d rx_control 0x%4.4x", sk, skb->len, tx_seq,
3967 if (L2CAP_CTRL_FINAL & rx_control &&
3968 l2cap_pi(sk)->conn_state & L2CAP_CONN_WAIT_F) {
3969 del_timer(&pi->monitor_timer);
3970 if (pi->unacked_frames > 0)
3971 __mod_retrans_timer();
3972 pi->conn_state &= ~L2CAP_CONN_WAIT_F;
3975 pi->expected_ack_seq = req_seq;
3976 l2cap_drop_acked_frames(sk);
3978 if (tx_seq == pi->expected_tx_seq)
3981 tx_seq_offset = (tx_seq - pi->buffer_seq) % 64;
3982 if (tx_seq_offset < 0)
3983 tx_seq_offset += 64;
3985 /* invalid tx_seq */
3986 if (tx_seq_offset >= pi->tx_win) {
3987 l2cap_send_disconn_req(pi->conn, sk, ECONNRESET);
3991 if (pi->conn_state == L2CAP_CONN_LOCAL_BUSY)
3994 if (pi->conn_state & L2CAP_CONN_SREJ_SENT) {
3995 struct srej_list *first;
3997 first = list_first_entry(SREJ_LIST(sk),
3998 struct srej_list, list);
3999 if (tx_seq == first->tx_seq) {
4000 l2cap_add_to_srej_queue(sk, skb, tx_seq, sar);
4001 l2cap_check_srej_gap(sk, tx_seq);
4003 list_del(&first->list);
4006 if (list_empty(SREJ_LIST(sk))) {
4007 pi->buffer_seq = pi->buffer_seq_srej;
4008 pi->conn_state &= ~L2CAP_CONN_SREJ_SENT;
4010 BT_DBG("sk %p, Exit SREJ_SENT", sk);
4013 struct srej_list *l;
4015 /* duplicated tx_seq */
4016 if (l2cap_add_to_srej_queue(sk, skb, tx_seq, sar) < 0)
4019 list_for_each_entry(l, SREJ_LIST(sk), list) {
4020 if (l->tx_seq == tx_seq) {
4021 l2cap_resend_srejframe(sk, tx_seq);
4025 l2cap_send_srejframe(sk, tx_seq);
4028 expected_tx_seq_offset =
4029 (pi->expected_tx_seq - pi->buffer_seq) % 64;
4030 if (expected_tx_seq_offset < 0)
4031 expected_tx_seq_offset += 64;
4033 /* duplicated tx_seq */
4034 if (tx_seq_offset < expected_tx_seq_offset)
4037 pi->conn_state |= L2CAP_CONN_SREJ_SENT;
4039 BT_DBG("sk %p, Enter SREJ", sk);
4041 INIT_LIST_HEAD(SREJ_LIST(sk));
4042 pi->buffer_seq_srej = pi->buffer_seq;
4044 __skb_queue_head_init(SREJ_QUEUE(sk));
4045 __skb_queue_head_init(BUSY_QUEUE(sk));
4046 l2cap_add_to_srej_queue(sk, skb, tx_seq, sar);
4048 pi->conn_state |= L2CAP_CONN_SEND_PBIT;
4050 l2cap_send_srejframe(sk, tx_seq);
4052 del_timer(&pi->ack_timer);
4057 pi->expected_tx_seq = (pi->expected_tx_seq + 1) % 64;
4059 if (pi->conn_state & L2CAP_CONN_SREJ_SENT) {
4060 bt_cb(skb)->tx_seq = tx_seq;
4061 bt_cb(skb)->sar = sar;
4062 __skb_queue_tail(SREJ_QUEUE(sk), skb);
4066 err = l2cap_push_rx_skb(sk, skb, rx_control);
4070 if (rx_control & L2CAP_CTRL_FINAL) {
4071 if (pi->conn_state & L2CAP_CONN_REJ_ACT)
4072 pi->conn_state &= ~L2CAP_CONN_REJ_ACT;
4074 l2cap_retransmit_frames(sk);
4079 pi->num_acked = (pi->num_acked + 1) % num_to_ack;
4080 if (pi->num_acked == num_to_ack - 1)
4090 static inline void l2cap_data_channel_rrframe(struct sock *sk, u16 rx_control)
4092 struct l2cap_pinfo *pi = l2cap_pi(sk);
4094 BT_DBG("sk %p, req_seq %d ctrl 0x%4.4x", sk, __get_reqseq(rx_control),
4097 pi->expected_ack_seq = __get_reqseq(rx_control);
4098 l2cap_drop_acked_frames(sk);
4100 if (rx_control & L2CAP_CTRL_POLL) {
4101 pi->conn_state |= L2CAP_CONN_SEND_FBIT;
4102 if (pi->conn_state & L2CAP_CONN_SREJ_SENT) {
4103 if ((pi->conn_state & L2CAP_CONN_REMOTE_BUSY) &&
4104 (pi->unacked_frames > 0))
4105 __mod_retrans_timer();
4107 pi->conn_state &= ~L2CAP_CONN_REMOTE_BUSY;
4108 l2cap_send_srejtail(sk);
4110 l2cap_send_i_or_rr_or_rnr(sk);
4113 } else if (rx_control & L2CAP_CTRL_FINAL) {
4114 pi->conn_state &= ~L2CAP_CONN_REMOTE_BUSY;
4116 if (pi->conn_state & L2CAP_CONN_REJ_ACT)
4117 pi->conn_state &= ~L2CAP_CONN_REJ_ACT;
4119 l2cap_retransmit_frames(sk);
4122 if ((pi->conn_state & L2CAP_CONN_REMOTE_BUSY) &&
4123 (pi->unacked_frames > 0))
4124 __mod_retrans_timer();
4126 pi->conn_state &= ~L2CAP_CONN_REMOTE_BUSY;
4127 if (pi->conn_state & L2CAP_CONN_SREJ_SENT) {
4130 l2cap_ertm_send(sk);
4135 static inline void l2cap_data_channel_rejframe(struct sock *sk, u16 rx_control)
4137 struct l2cap_pinfo *pi = l2cap_pi(sk);
4138 u8 tx_seq = __get_reqseq(rx_control);
4140 BT_DBG("sk %p, req_seq %d ctrl 0x%4.4x", sk, tx_seq, rx_control);
4142 pi->conn_state &= ~L2CAP_CONN_REMOTE_BUSY;
4144 pi->expected_ack_seq = tx_seq;
4145 l2cap_drop_acked_frames(sk);
4147 if (rx_control & L2CAP_CTRL_FINAL) {
4148 if (pi->conn_state & L2CAP_CONN_REJ_ACT)
4149 pi->conn_state &= ~L2CAP_CONN_REJ_ACT;
4151 l2cap_retransmit_frames(sk);
4153 l2cap_retransmit_frames(sk);
4155 if (pi->conn_state & L2CAP_CONN_WAIT_F)
4156 pi->conn_state |= L2CAP_CONN_REJ_ACT;
4159 static inline void l2cap_data_channel_srejframe(struct sock *sk, u16 rx_control)
4161 struct l2cap_pinfo *pi = l2cap_pi(sk);
4162 u8 tx_seq = __get_reqseq(rx_control);
4164 BT_DBG("sk %p, req_seq %d ctrl 0x%4.4x", sk, tx_seq, rx_control);
4166 pi->conn_state &= ~L2CAP_CONN_REMOTE_BUSY;
4168 if (rx_control & L2CAP_CTRL_POLL) {
4169 pi->expected_ack_seq = tx_seq;
4170 l2cap_drop_acked_frames(sk);
4172 pi->conn_state |= L2CAP_CONN_SEND_FBIT;
4173 l2cap_retransmit_one_frame(sk, tx_seq);
4175 l2cap_ertm_send(sk);
4177 if (pi->conn_state & L2CAP_CONN_WAIT_F) {
4178 pi->srej_save_reqseq = tx_seq;
4179 pi->conn_state |= L2CAP_CONN_SREJ_ACT;
4181 } else if (rx_control & L2CAP_CTRL_FINAL) {
4182 if ((pi->conn_state & L2CAP_CONN_SREJ_ACT) &&
4183 pi->srej_save_reqseq == tx_seq)
4184 pi->conn_state &= ~L2CAP_CONN_SREJ_ACT;
4186 l2cap_retransmit_one_frame(sk, tx_seq);
4188 l2cap_retransmit_one_frame(sk, tx_seq);
4189 if (pi->conn_state & L2CAP_CONN_WAIT_F) {
4190 pi->srej_save_reqseq = tx_seq;
4191 pi->conn_state |= L2CAP_CONN_SREJ_ACT;
4196 static inline void l2cap_data_channel_rnrframe(struct sock *sk, u16 rx_control)
4198 struct l2cap_pinfo *pi = l2cap_pi(sk);
4199 u8 tx_seq = __get_reqseq(rx_control);
4201 BT_DBG("sk %p, req_seq %d ctrl 0x%4.4x", sk, tx_seq, rx_control);
4203 pi->conn_state |= L2CAP_CONN_REMOTE_BUSY;
4204 pi->expected_ack_seq = tx_seq;
4205 l2cap_drop_acked_frames(sk);
4207 if (rx_control & L2CAP_CTRL_POLL)
4208 pi->conn_state |= L2CAP_CONN_SEND_FBIT;
4210 if (!(pi->conn_state & L2CAP_CONN_SREJ_SENT)) {
4211 del_timer(&pi->retrans_timer);
4212 if (rx_control & L2CAP_CTRL_POLL)
4213 l2cap_send_rr_or_rnr(pi, L2CAP_CTRL_FINAL);
4217 if (rx_control & L2CAP_CTRL_POLL)
4218 l2cap_send_srejtail(sk);
4220 l2cap_send_sframe(pi, L2CAP_SUPER_RCV_READY);
4223 static inline int l2cap_data_channel_sframe(struct sock *sk, u16 rx_control, struct sk_buff *skb)
4225 BT_DBG("sk %p rx_control 0x%4.4x len %d", sk, rx_control, skb->len);
4227 if (L2CAP_CTRL_FINAL & rx_control &&
4228 l2cap_pi(sk)->conn_state & L2CAP_CONN_WAIT_F) {
4229 del_timer(&l2cap_pi(sk)->monitor_timer);
4230 if (l2cap_pi(sk)->unacked_frames > 0)
4231 __mod_retrans_timer();
4232 l2cap_pi(sk)->conn_state &= ~L2CAP_CONN_WAIT_F;
4235 switch (rx_control & L2CAP_CTRL_SUPERVISE) {
4236 case L2CAP_SUPER_RCV_READY:
4237 l2cap_data_channel_rrframe(sk, rx_control);
4240 case L2CAP_SUPER_REJECT:
4241 l2cap_data_channel_rejframe(sk, rx_control);
4244 case L2CAP_SUPER_SELECT_REJECT:
4245 l2cap_data_channel_srejframe(sk, rx_control);
4248 case L2CAP_SUPER_RCV_NOT_READY:
4249 l2cap_data_channel_rnrframe(sk, rx_control);
4257 static int l2cap_ertm_data_rcv(struct sock *sk, struct sk_buff *skb)
4259 struct l2cap_pinfo *pi = l2cap_pi(sk);
4262 int len, next_tx_seq_offset, req_seq_offset;
4264 control = get_unaligned_le16(skb->data);
4269 * We can just drop the corrupted I-frame here.
4270 * Receiver will miss it and start proper recovery
4271 * procedures and ask retransmission.
4273 if (l2cap_check_fcs(pi, skb))
4276 if (__is_sar_start(control) && __is_iframe(control))
4279 if (pi->fcs == L2CAP_FCS_CRC16)
4282 if (len > pi->mps) {
4283 l2cap_send_disconn_req(pi->conn, sk, ECONNRESET);
4287 req_seq = __get_reqseq(control);
4288 req_seq_offset = (req_seq - pi->expected_ack_seq) % 64;
4289 if (req_seq_offset < 0)
4290 req_seq_offset += 64;
4292 next_tx_seq_offset =
4293 (pi->next_tx_seq - pi->expected_ack_seq) % 64;
4294 if (next_tx_seq_offset < 0)
4295 next_tx_seq_offset += 64;
4297 /* check for invalid req-seq */
4298 if (req_seq_offset > next_tx_seq_offset) {
4299 l2cap_send_disconn_req(pi->conn, sk, ECONNRESET);
4303 if (__is_iframe(control)) {
4305 l2cap_send_disconn_req(pi->conn, sk, ECONNRESET);
4309 l2cap_data_channel_iframe(sk, control, skb);
4313 l2cap_send_disconn_req(pi->conn, sk, ECONNRESET);
4317 l2cap_data_channel_sframe(sk, control, skb);
4327 static inline int l2cap_data_channel(struct l2cap_conn *conn, u16 cid, struct sk_buff *skb)
4330 struct l2cap_pinfo *pi;
4335 sk = l2cap_get_chan_by_scid(&conn->chan_list, cid);
4337 BT_DBG("unknown cid 0x%4.4x", cid);
4343 BT_DBG("sk %p, len %d", sk, skb->len);
4345 if (sk->sk_state != BT_CONNECTED)
4349 case L2CAP_MODE_BASIC:
4350 /* If socket recv buffers overflows we drop data here
4351 * which is *bad* because L2CAP has to be reliable.
4352 * But we don't have any other choice. L2CAP doesn't
4353 * provide flow control mechanism. */
4355 if (pi->imtu < skb->len)
4358 if (!sock_queue_rcv_skb(sk, skb))
4362 case L2CAP_MODE_ERTM:
4363 if (!sock_owned_by_user(sk)) {
4364 l2cap_ertm_data_rcv(sk, skb);
4366 if (sk_add_backlog(sk, skb))
4372 case L2CAP_MODE_STREAMING:
4373 control = get_unaligned_le16(skb->data);
4377 if (l2cap_check_fcs(pi, skb))
4380 if (__is_sar_start(control))
4383 if (pi->fcs == L2CAP_FCS_CRC16)
4386 if (len > pi->mps || len < 0 || __is_sframe(control))
4389 tx_seq = __get_txseq(control);
4391 if (pi->expected_tx_seq == tx_seq)
4392 pi->expected_tx_seq = (pi->expected_tx_seq + 1) % 64;
4394 pi->expected_tx_seq = (tx_seq + 1) % 64;
4396 l2cap_streaming_reassembly_sdu(sk, skb, control);
4401 BT_DBG("sk %p: bad mode 0x%2.2x", sk, pi->mode);
4415 static inline int l2cap_conless_channel(struct l2cap_conn *conn, __le16 psm, struct sk_buff *skb)
4419 sk = l2cap_get_sock_by_psm(0, psm, conn->src);
4423 BT_DBG("sk %p, len %d", sk, skb->len);
4425 if (sk->sk_state != BT_BOUND && sk->sk_state != BT_CONNECTED)
4428 if (l2cap_pi(sk)->imtu < skb->len)
4431 if (!sock_queue_rcv_skb(sk, skb))
4443 static void l2cap_recv_frame(struct l2cap_conn *conn, struct sk_buff *skb)
4445 struct l2cap_hdr *lh = (void *) skb->data;
4449 skb_pull(skb, L2CAP_HDR_SIZE);
4450 cid = __le16_to_cpu(lh->cid);
4451 len = __le16_to_cpu(lh->len);
4453 if (len != skb->len) {
4458 BT_DBG("len %d, cid 0x%4.4x", len, cid);
4461 case L2CAP_CID_SIGNALING:
4462 l2cap_sig_channel(conn, skb);
4465 case L2CAP_CID_CONN_LESS:
4466 psm = get_unaligned_le16(skb->data);
4468 l2cap_conless_channel(conn, psm, skb);
4472 l2cap_data_channel(conn, cid, skb);
4477 /* ---- L2CAP interface with lower layer (HCI) ---- */
4479 static int l2cap_connect_ind(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 type)
4481 int exact = 0, lm1 = 0, lm2 = 0;
4482 register struct sock *sk;
4483 struct hlist_node *node;
4485 if (type != ACL_LINK)
4488 BT_DBG("hdev %s, bdaddr %s", hdev->name, batostr(bdaddr));
4490 /* Find listening sockets and check their link_mode */
4491 read_lock(&l2cap_sk_list.lock);
4492 sk_for_each(sk, node, &l2cap_sk_list.head) {
4493 if (sk->sk_state != BT_LISTEN)
4496 if (!bacmp(&bt_sk(sk)->src, &hdev->bdaddr)) {
4497 lm1 |= HCI_LM_ACCEPT;
4498 if (l2cap_pi(sk)->role_switch)
4499 lm1 |= HCI_LM_MASTER;
4501 } else if (!bacmp(&bt_sk(sk)->src, BDADDR_ANY)) {
4502 lm2 |= HCI_LM_ACCEPT;
4503 if (l2cap_pi(sk)->role_switch)
4504 lm2 |= HCI_LM_MASTER;
4507 read_unlock(&l2cap_sk_list.lock);
4509 return exact ? lm1 : lm2;
4512 static int l2cap_connect_cfm(struct hci_conn *hcon, u8 status)
4514 struct l2cap_conn *conn;
4516 BT_DBG("hcon %p bdaddr %s status %d", hcon, batostr(&hcon->dst), status);
4518 if (hcon->type != ACL_LINK)
4522 conn = l2cap_conn_add(hcon, status);
4524 l2cap_conn_ready(conn);
4526 l2cap_conn_del(hcon, bt_err(status));
4531 static int l2cap_disconn_ind(struct hci_conn *hcon)
4533 struct l2cap_conn *conn = hcon->l2cap_data;
4535 BT_DBG("hcon %p", hcon);
4537 if (hcon->type != ACL_LINK || !conn)
4540 return conn->disc_reason;
4543 static int l2cap_disconn_cfm(struct hci_conn *hcon, u8 reason)
4545 BT_DBG("hcon %p reason %d", hcon, reason);
4547 if (hcon->type != ACL_LINK)
4550 l2cap_conn_del(hcon, bt_err(reason));
4555 static inline void l2cap_check_encryption(struct sock *sk, u8 encrypt)
4557 if (sk->sk_type != SOCK_SEQPACKET && sk->sk_type != SOCK_STREAM)
4560 if (encrypt == 0x00) {
4561 if (l2cap_pi(sk)->sec_level == BT_SECURITY_MEDIUM) {
4562 l2cap_sock_clear_timer(sk);
4563 l2cap_sock_set_timer(sk, HZ * 5);
4564 } else if (l2cap_pi(sk)->sec_level == BT_SECURITY_HIGH)
4565 __l2cap_sock_close(sk, ECONNREFUSED);
4567 if (l2cap_pi(sk)->sec_level == BT_SECURITY_MEDIUM)
4568 l2cap_sock_clear_timer(sk);
4572 static int l2cap_security_cfm(struct hci_conn *hcon, u8 status, u8 encrypt)
4574 struct l2cap_chan_list *l;
4575 struct l2cap_conn *conn = hcon->l2cap_data;
4581 l = &conn->chan_list;
4583 BT_DBG("conn %p", conn);
4585 read_lock(&l->lock);
4587 for (sk = l->head; sk; sk = l2cap_pi(sk)->next_c) {
4590 if (l2cap_pi(sk)->conf_state & L2CAP_CONF_CONNECT_PEND) {
4595 if (!status && (sk->sk_state == BT_CONNECTED ||
4596 sk->sk_state == BT_CONFIG)) {
4597 l2cap_check_encryption(sk, encrypt);
4602 if (sk->sk_state == BT_CONNECT) {
4604 struct l2cap_conn_req req;
4605 req.scid = cpu_to_le16(l2cap_pi(sk)->scid);
4606 req.psm = l2cap_pi(sk)->psm;
4608 l2cap_pi(sk)->ident = l2cap_get_ident(conn);
4609 l2cap_pi(sk)->conf_state |= L2CAP_CONF_CONNECT_PEND;
4611 l2cap_send_cmd(conn, l2cap_pi(sk)->ident,
4612 L2CAP_CONN_REQ, sizeof(req), &req);
4614 l2cap_sock_clear_timer(sk);
4615 l2cap_sock_set_timer(sk, HZ / 10);
4617 } else if (sk->sk_state == BT_CONNECT2) {
4618 struct l2cap_conn_rsp rsp;
4622 sk->sk_state = BT_CONFIG;
4623 result = L2CAP_CR_SUCCESS;
4625 sk->sk_state = BT_DISCONN;
4626 l2cap_sock_set_timer(sk, HZ / 10);
4627 result = L2CAP_CR_SEC_BLOCK;
4630 rsp.scid = cpu_to_le16(l2cap_pi(sk)->dcid);
4631 rsp.dcid = cpu_to_le16(l2cap_pi(sk)->scid);
4632 rsp.result = cpu_to_le16(result);
4633 rsp.status = cpu_to_le16(L2CAP_CS_NO_INFO);
4634 l2cap_send_cmd(conn, l2cap_pi(sk)->ident,
4635 L2CAP_CONN_RSP, sizeof(rsp), &rsp);
4641 read_unlock(&l->lock);
4646 static int l2cap_recv_acldata(struct hci_conn *hcon, struct sk_buff *skb, u16 flags)
4648 struct l2cap_conn *conn = hcon->l2cap_data;
4650 if (!conn && !(conn = l2cap_conn_add(hcon, 0)))
4653 BT_DBG("conn %p len %d flags 0x%x", conn, skb->len, flags);
4655 if (flags & ACL_START) {
4656 struct l2cap_hdr *hdr;
4660 BT_ERR("Unexpected start frame (len %d)", skb->len);
4661 kfree_skb(conn->rx_skb);
4662 conn->rx_skb = NULL;
4664 l2cap_conn_unreliable(conn, ECOMM);
4668 BT_ERR("Frame is too short (len %d)", skb->len);
4669 l2cap_conn_unreliable(conn, ECOMM);
4673 hdr = (struct l2cap_hdr *) skb->data;
4674 len = __le16_to_cpu(hdr->len) + L2CAP_HDR_SIZE;
4676 if (len == skb->len) {
4677 /* Complete frame received */
4678 l2cap_recv_frame(conn, skb);
4682 BT_DBG("Start: total len %d, frag len %d", len, skb->len);
4684 if (skb->len > len) {
4685 BT_ERR("Frame is too long (len %d, expected len %d)",
4687 l2cap_conn_unreliable(conn, ECOMM);
4691 /* Allocate skb for the complete frame (with header) */
4692 conn->rx_skb = bt_skb_alloc(len, GFP_ATOMIC);
4696 skb_copy_from_linear_data(skb, skb_put(conn->rx_skb, skb->len),
4698 conn->rx_len = len - skb->len;
4700 BT_DBG("Cont: frag len %d (expecting %d)", skb->len, conn->rx_len);
4702 if (!conn->rx_len) {
4703 BT_ERR("Unexpected continuation frame (len %d)", skb->len);
4704 l2cap_conn_unreliable(conn, ECOMM);
4708 if (skb->len > conn->rx_len) {
4709 BT_ERR("Fragment is too long (len %d, expected %d)",
4710 skb->len, conn->rx_len);
4711 kfree_skb(conn->rx_skb);
4712 conn->rx_skb = NULL;
4714 l2cap_conn_unreliable(conn, ECOMM);
4718 skb_copy_from_linear_data(skb, skb_put(conn->rx_skb, skb->len),
4720 conn->rx_len -= skb->len;
4722 if (!conn->rx_len) {
4723 /* Complete frame received */
4724 l2cap_recv_frame(conn, conn->rx_skb);
4725 conn->rx_skb = NULL;
4734 static int l2cap_debugfs_show(struct seq_file *f, void *p)
4737 struct hlist_node *node;
4739 read_lock_bh(&l2cap_sk_list.lock);
4741 sk_for_each(sk, node, &l2cap_sk_list.head) {
4742 struct l2cap_pinfo *pi = l2cap_pi(sk);
4744 seq_printf(f, "%s %s %d %d 0x%4.4x 0x%4.4x %d %d %d\n",
4745 batostr(&bt_sk(sk)->src),
4746 batostr(&bt_sk(sk)->dst),
4747 sk->sk_state, __le16_to_cpu(pi->psm),
4749 pi->imtu, pi->omtu, pi->sec_level);
4752 read_unlock_bh(&l2cap_sk_list.lock);
4757 static int l2cap_debugfs_open(struct inode *inode, struct file *file)
4759 return single_open(file, l2cap_debugfs_show, inode->i_private);
4762 static const struct file_operations l2cap_debugfs_fops = {
4763 .open = l2cap_debugfs_open,
4765 .llseek = seq_lseek,
4766 .release = single_release,
4769 static struct dentry *l2cap_debugfs;
4771 static const struct proto_ops l2cap_sock_ops = {
4772 .family = PF_BLUETOOTH,
4773 .owner = THIS_MODULE,
4774 .release = l2cap_sock_release,
4775 .bind = l2cap_sock_bind,
4776 .connect = l2cap_sock_connect,
4777 .listen = l2cap_sock_listen,
4778 .accept = l2cap_sock_accept,
4779 .getname = l2cap_sock_getname,
4780 .sendmsg = l2cap_sock_sendmsg,
4781 .recvmsg = l2cap_sock_recvmsg,
4782 .poll = bt_sock_poll,
4783 .ioctl = bt_sock_ioctl,
4784 .mmap = sock_no_mmap,
4785 .socketpair = sock_no_socketpair,
4786 .shutdown = l2cap_sock_shutdown,
4787 .setsockopt = l2cap_sock_setsockopt,
4788 .getsockopt = l2cap_sock_getsockopt
4791 static const struct net_proto_family l2cap_sock_family_ops = {
4792 .family = PF_BLUETOOTH,
4793 .owner = THIS_MODULE,
4794 .create = l2cap_sock_create,
4797 static struct hci_proto l2cap_hci_proto = {
4799 .id = HCI_PROTO_L2CAP,
4800 .connect_ind = l2cap_connect_ind,
4801 .connect_cfm = l2cap_connect_cfm,
4802 .disconn_ind = l2cap_disconn_ind,
4803 .disconn_cfm = l2cap_disconn_cfm,
4804 .security_cfm = l2cap_security_cfm,
4805 .recv_acldata = l2cap_recv_acldata
4808 static int __init l2cap_init(void)
4812 err = proto_register(&l2cap_proto, 0);
4816 _busy_wq = create_singlethread_workqueue("l2cap");
4820 err = bt_sock_register(BTPROTO_L2CAP, &l2cap_sock_family_ops);
4822 BT_ERR("L2CAP socket registration failed");
4826 err = hci_register_proto(&l2cap_hci_proto);
4828 BT_ERR("L2CAP protocol registration failed");
4829 bt_sock_unregister(BTPROTO_L2CAP);
4834 l2cap_debugfs = debugfs_create_file("l2cap", 0444,
4835 bt_debugfs, NULL, &l2cap_debugfs_fops);
4837 BT_ERR("Failed to create L2CAP debug file");
4840 BT_INFO("L2CAP ver %s", VERSION);
4841 BT_INFO("L2CAP socket layer initialized");
4846 proto_unregister(&l2cap_proto);
4850 static void __exit l2cap_exit(void)
4852 debugfs_remove(l2cap_debugfs);
4854 flush_workqueue(_busy_wq);
4855 destroy_workqueue(_busy_wq);
4857 if (bt_sock_unregister(BTPROTO_L2CAP) < 0)
4858 BT_ERR("L2CAP socket unregistration failed");
4860 if (hci_unregister_proto(&l2cap_hci_proto) < 0)
4861 BT_ERR("L2CAP protocol unregistration failed");
4863 proto_unregister(&l2cap_proto);
4866 void l2cap_load(void)
4868 /* Dummy function to trigger automatic L2CAP module loading by
4869 * other modules that use L2CAP sockets but don't use any other
4870 * symbols from it. */
4872 EXPORT_SYMBOL(l2cap_load);
4874 module_init(l2cap_init);
4875 module_exit(l2cap_exit);
4877 module_param(disable_ertm, bool, 0644);
4878 MODULE_PARM_DESC(disable_ertm, "Disable enhanced retransmission mode");
4880 MODULE_AUTHOR("Marcel Holtmann <marcel@holtmann.org>");
4881 MODULE_DESCRIPTION("Bluetooth L2CAP ver " VERSION);
4882 MODULE_VERSION(VERSION);
4883 MODULE_LICENSE("GPL");
4884 MODULE_ALIAS("bt-proto-0");
projects / linux-flexiantxendom0-natty.git / blob